On Fri, 3 Aug 2012, SilverTip257 wrote: > To: CentOS mailing list <centos@xxxxxxxxxx> > From: SilverTip257 <silvertip257@xxxxxxxxx> > Subject: Re: [SOLVED] iptables rule question for Centos 5 > > Marvin, > > You're leaving SSH open to the world with that. > If this is a box behind a firewall, then it's not _as much of a > concern_ ... otherwise you're opening that server up to ssh brute > force attempts. > > Your existing configuration is probably set up to drop/reject if > traffic does not match any of your rules, so you've nearly solved the > "blocking all other traffic" from server2. But you really should put > a specific rule on server1 with source as server2 and dest port 22 > being accepted. > > -s server2 -p tcp --dport 22 -j ACCEPT Or move the SSH port to a non-standard one? Keith _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos