Re: I need to allow to login to Linux pc from particular IP addr only - Can I do that with IPtables command?
- From: Allen McIntosh <nospam@xxxxxxxxxxxxxxxx>
- Date: Sun, 29 Jan 2006 11:02:53 -0500
d wrote:
> This web page might give you some ideas.
> http://www.itc.virginia.edu/unixsys/sec/hosts.html
Blocking with hosts.deny can be much too late if someone is exploiting a security hole (e.g. the SSH V1 exploit from a few years back). My personal take on this is:
1) Only allow SSH through my hardware firewall. Nothing else. No telnet, rlogin, ftp,...
2) Only allow SSH V2.
3) Use iptables to restrict access. (Before I did this, the number of breakin attempts was scary.) Here is the relevant fragment:
# SSH rules.
-A INPUT -p tcp -m tcp --dport 22 --syn -j ssh-rules
-A ssh-rules -s 192.168.1.0/24 -j ACCEPT
-A ssh-rules -j DROP
Without a hardware firewall I would be much tougher on SYN packets.
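As an added example (not from the original post or its author), the following POSIX shell script generates an iptables-restore fragment with the same shape as the ssh-rules chain above, parameterised by a list of allowed source networks. The chain and rule layout follow the post; the second network (10.8.0.0/24) and the helper names are constructed assumptions. It declares the user chain explicitly, which iptables-restore requires before a jump to it, and offers a syntax check with `iptables-restore --test` that does not touch the live ruleset.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits an iptables-restore
# fragment that restricts new SSH connections (tcp/22) to listed networks.

# ssh_rules CIDR [CIDR...]
# Print the filter-table rules: declare the ssh-rules chain, divert only
# connection-opening (SYN) packets for port 22 into it, accept the listed
# sources, and drop everything else that reaches the chain.
ssh_rules() {
    [ "$#" -ge 1 ] || { echo "ssh_rules: need at least one allowed CIDR" >&2; return 1; }
    # Chain declaration: required so iptables-restore accepts the jump target.
    echo ':ssh-rules - [0:0]'
    # Established sessions never hit this chain; only new connections do.
    echo '-A INPUT -p tcp -m tcp --dport 22 --syn -j ssh-rules'
    for net in "$@"; do
        echo "-A ssh-rules -s $net -j ACCEPT"
    done
    # Anything not matched above is silently discarded (no RST, no ICMP).
    echo '-A ssh-rules -j DROP'
}

# ssh_rules_table CIDR [CIDR...]
# Wrap the rules in a complete *filter block suitable for iptables-restore.
ssh_rules_table() {
    echo '*filter'
    ssh_rules "$@" || return 1
    echo 'COMMIT'
}

# ssh_rules_check CIDR [CIDR...]
# Parse the generated block without committing it. Needs iptables-restore
# and usually root; on hosts without it the check is skipped, not failed.
ssh_rules_check() {
    if ! command -v iptables-restore >/dev/null 2>&1; then
        echo "iptables-restore not found; skipping syntax check" >&2
        return 0
    fi
    ssh_rules_table "$@" | iptables-restore --test
}

# Constructed sample: the LAN from the post plus an assumed VPN range.
ssh_rules_table 192.168.1.0/24 10.8.0.0/24
```

Before loading a fragment like this, confirm the address you administer from is in the allowed list (or that you have console access), since the final DROP also covers your own session if the list is wrong.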