Re: [SLUG] firewall hole for ssh

From: Matt Miller (mmiller1@mptotalcare.com)
Date: Thu Aug 22 2002 - 13:07:00 EDT


On Wed, 2002-08-21 at 23:10, Larry Sanders wrote:
> Following this is the iptables rules that I have been using.
> Notice the wonderful credit given to Derek for his help.
> I like the fact that any traffic from the outside is dropped.
> I have a need to allow ssh traffic in for file transfer.
> Joe suggested that I use port 222 and RSA keys for
> authentication to login.
> What additions to this file will be needed to allow this
> traffic on port 222?
> Thanks in Advance
> Larry :-)

I apologize for yet another revision on my first 2 posts, but I realized
I may have made an incorrect assumption in the iptables rules I sent. If
you are trying to ssh (on port 222) directly into your firewall box from
the outside world, all you need are the following rules:

# Accept connections from the outside world to the external interface on port 222 -- tcp and udp
/sbin/iptables -A INPUT -i eth1 -s 0/0 -p tcp --dport 222 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -s 0/0 -p udp --dport 222 -j ACCEPT
# Log and drop packets for any other destination port not specified above
/sbin/iptables -A INPUT -i eth1 -s 0/0 -j LOG \
    --log-prefix="EXT-SSH DROP: "
/sbin/iptables -A INPUT -i eth1 -s 0/0 -j DROP

-- 
Matt Miller
Systems Administrator
MP TotalCare
gpg public key id: 08BC7B06




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:48:37 EDT