At 12:30 PM 6/16/2020, John Pierce wrote:
On Tue, Jun 16, 2020 at 12:26 PM david <david@xxxxxxxx> wrote:
>
> Examples of what I've tried, and then tested. None of them stopped
> an outgoing SSH from an internal system.
>
> iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
> iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
>
Which interface is that bound to? I don't see a -i eth0 or whatever, but
you want that rule on your LAN interface.
Note these rules will also prevent any host on 10.0.0.0/24 from ssh'ing to
the gateway machine itself.
At your suggestion, the command became
iptables -I INPUT -p tcp --dport 22 -i enp3s0 -s 10.0.0.0/24 -j DROP
where enp3s0 is the internal NIC with address 10.0.0.1. I'm assuming
that your advice about LAN represents the internal network because on
most routers, it is, and WAN is the internet connection.
And ssh worked :-( unfortunately.
I know that many ISPs block outgoing port 25, so I know this is do-able.
David
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
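The thread turns on which netfilter chain a packet from a LAN host traverses: INPUT only sees packets addressed to the gateway itself, while traffic the gateway routes onward (LAN to Internet) goes through FORWARD. The toy model below is an added example, not code from the thread or from CentOS; it assumes a gateway with LAN interface enp3s0 at 10.0.0.1 and a constructed WAN address, and models only the INPUT/FORWARD split with first-match filter semantics.

```python
"""Toy model of which netfilter chain a packet traverses on a Linux gateway.

Constructed example: it models only the INPUT/FORWARD split and
first-match filter semantics, nothing else about netfilter.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Addresses the gateway itself owns (constructed; 203.0.113.5 is a documentation prefix)
GATEWAY_ADDRS = {"enp3s0": "10.0.0.1", "enp2s0": "203.0.113.5"}

@dataclass
class Rule:
    chain: str                       # "INPUT" or "FORWARD"
    target: str                      # "DROP" or "ACCEPT"
    proto: str = "tcp"               # -p
    dport: Optional[int] = None      # --dport
    in_iface: Optional[str] = None   # -i
    src: Optional[str] = None        # -s CIDR

def chain_for(dst: str) -> str:
    """INPUT only handles packets addressed to the gateway itself;
    anything routed through it (LAN -> Internet) traverses FORWARD."""
    return "INPUT" if dst in GATEWAY_ADDRS.values() else "FORWARD"

def verdict(rules, in_iface, proto, src, dst, dport, policy="ACCEPT"):
    """Walk the chain the packet hits; first matching rule decides."""
    chain = chain_for(dst)
    for r in rules:
        if r.chain != chain or r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.in_iface is not None and r.in_iface != in_iface:
            continue
        if r.src is not None and ip_address(src) not in ip_network(r.src):
            continue
        return r.target        # first match wins
    return policy              # fall through to the chain's default policy

# The rule from the thread as posted: it lives in INPUT.
posted = [Rule("INPUT", "DROP", dport=22, in_iface="enp3s0", src="10.0.0.0/24")]
# Same match criteria, but in the chain routed traffic actually traverses.
forward = [Rule("FORWARD", "DROP", dport=22, in_iface="enp3s0", src="10.0.0.0/24")]

if __name__ == "__main__":
    pkt = dict(in_iface="enp3s0", proto="tcp", src="10.0.0.20", dport=22)
    print(verdict(posted, dst="198.51.100.7", **pkt))   # ACCEPT: INPUT never consulted
    print(verdict(posted, dst="10.0.0.1", **pkt))       # DROP: ssh to the gateway itself
    print(verdict(forward, dst="198.51.100.7", **pkt))  # DROP: outbound ssh blocked
```

On a real gateway the same check is `iptables -L FORWARD -v -n`: the packet counter on the rule should climb when a LAN host tries to connect out, and stay at zero if the rule is sitting in INPUT.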