I'll take a stab at this...
If you really want to block everything, you can just set the POLICY for the INPUT
chain to DROP, so you wouldn't need all those DROP targets.
To only open up the SSH port into your machine, remove the line that allows all
access from the local subnet, and add this line:
/usr/sbin/iptables -A INPUT -s 192.168.10.0/24 -p tcp --dport 22 -j ACCEPT
If the POLICY of the INPUT chain is drop, and this is the only rule in the INPUT
chain, then the only thing this will allow in is SSH traffic from your
local subnet.
I haven't tested this, but hopefully it helps.
Doug
Glenn Meyer said:
> I'm stumbling over syntax and need a little help please. This is not on a
> network firewall, but only to protect the local machine.
>
> #!/bin/bash
> # flush the filter table clean
> /usr/sbin/iptables -F
>
> # my local network here at the house is a 192.168.10.0/24 network, so I
> # added a /sbin/iptables -A INPUT -s 192.168.10.0/24 -j ACCEPT above the
> # "block everything" lines below to accept everything from that range -
> # but I want to instead open only port 22
>
> #This works and opens me to everything on my home network
> #/usr/sbin/iptables -A INPUT -s 192.168.10.0/24 -j ACCEPT
>
> I want to instead open just tcp port 22 for ssh but I'm stumbling over
> the --dport 22 part.
> /usr/sbin/iptables -A INPUT -s 192.168.10.0/24 --port 22 -j ACCEPT
>
> # block everything coming in to my machine, all interfaces
> # if you uncomment the #'s, it will log the blocks too
> #/usr/sbin/iptables -A INPUT -s 0/0 -d 0/0 -m state --state NEW -j LOG
> /usr/sbin/iptables -A INPUT -s 0/0 -d 0/0 -m state --state NEW -j DROP
> #/usr/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG
> /usr/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> #/usr/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG
> /usr/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
> #/usr/sbin/iptables -A INPUT -p icmp --icmp-type any -j LOG
> /usr/sbin/iptables -A INPUT -p icmp --icmp-type any -j DROP
>
>
> Thank you for your help!
> -----------------------------------------------------------------------
> This list is provided as an unmoderated internet service by Networked
> Knowledge Systems (NKS). Views and opinions expressed in messages
> posted are those of the author and do not necessarily reflect the
> official policy or position of NKS or any of its employees.
>
-- 
“Is it greedy to want to keep the money you've earned -- to spend it on your own children, to secure your own future and retirement so you won't be a burden on others, to buy a home of your own, to provide your family with the things that make life more enjoyable? Or is it greedy to want something for nothing -- to want the government to confiscate money from those who have earned it and give it to you or to your pet social project? Greed is wanting the government to force other people to conform to your desires, to outlaw your competitors, to remake the world in your image because you think you know more than everyone else.” -- Harry Browne
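As an added example (editor's code, not Doug's or Glenn's script), here is the advice above written as an iptables-restore ruleset built by a shell function: the INPUT policy is DROP, so none of the individual "block everything" DROP rules are needed, and the only new-connection rule is TCP port 22 from the home subnet. Two lines that the reply does not mention are included because a host with a DROP policy needs them: an accept for the loopback interface and an accept for ESTABLISHED,RELATED traffic, without which replies to the machine's own outbound connections (DNS, package updates, its own SSH sessions out) would be dropped. The reason the original `--port 22` line fails is that `--dport` belongs to the tcp/udp match, which is only loaded by `-p tcp` (or `-p udp`); the rule has to name the protocol. The subnet and port are parameters with the values from the thread as defaults; the `-m conntrack` match is used in place of the older `-m state` and does the same job.

```shell
#!/bin/sh
# Added example: generate a host-firewall ruleset in iptables-restore format.
# Defaults are the subnet and port from the thread; both are parameters.

build_ruleset() {
    subnet="${1:-192.168.10.0/24}"
    port="${2:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${subnet} -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Syntax-check the generated ruleset without loading it. iptables-restore
# --test parses and constructs the rules but does not commit them; it needs
# root, so on other machines fall back to checking the policy line only.
# Returns 0 when the check passes.
check_ruleset() {
    if command -v iptables-restore >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        build_ruleset "$@" | iptables-restore --test
    else
        build_ruleset "$@" | grep -q '^:INPUT DROP'
    fi
}

# Count ACCEPT rules whose source is the given subnet. Exactly one is
# expected: the SSH rule, with the broad "accept everything from the
# subnet" line gone.
count_accepts_from() {
    build_ruleset | grep -c -- "-s $1 .*-j ACCEPT"
}

# Usage (as root, after reviewing the output):
#   build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
```

Because the policy is DROP, ordering matters only among the ACCEPT rules; putting ESTABLISHED,RELATED first keeps the per-packet work small, and the INVALID drop at the end catches packets conntrack cannot place in any flow. Load it with `iptables-restore` rather than a series of `-A` commands so the whole table changes atomically, and keep an existing SSH session open while testing a new ruleset on a remote host.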
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:36:10 EDT