Re: firewall help request




At 12:30 PM 6/16/2020, John Pierce wrote:
> On Tue, Jun 16, 2020 at 12:26 PM david <david@xxxxxxxx> wrote:
>
> > Examples of what I've tried, and then tested.  None of them stopped
> > an outgoing SSH from an internal system.
> >
> >    iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
> >    iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP
>
> which interface is that bound to?   I don't see a -i eth0 or whatever, but
> you want that rule on your LAN interface.
>
> note these rules will also prevent any host on 10.0.0.0/24 from ssh'ing to
> the gateway machine itself.

At your suggestion, the command became

iptables -I INPUT -p tcp --dport 22 -i enp3s0 -s 10.0.0.0/24 -j DROP

where enp3s0 is the internal NIC with address 10.0.0.1. I'm assuming that your advice about LAN represents the internal network because on most routers, it is, and WAN is the internet connection.

And ssh worked :-(
unfortunately

I know that many ISPs block outgoing port 25, so I know this is do-able.

David
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
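
Added example, not part of the original thread: on a Linux gateway, packets that LAN hosts send to outside addresses are routed through the box and traverse the filter table's FORWARD chain, while INPUT only sees packets addressed to the gateway itself. The script models that chain selection in simplified form and prints (or, with APPLY=1, runs) a FORWARD rule built from the thread's interface and subnet; the function names, the APPLY switch and the 203.0.113.10 test address are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interface and subnet are the values
# quoted in the thread; everything else is an assumption for illustration.
LAN_IF="enp3s0"
LAN_NET="10.0.0.0/24"

# Simplified model of the netfilter routing decision on the gateway:
# $1 = packet destination IP, remaining args = IPs owned by the gateway.
# Destination is a local address -> INPUT, otherwise the packet is routed
# onward and is filtered in FORWARD.
chain_for() {
    dst="$1"; shift
    for local_ip in "$@"; do
        if [ "$dst" = "$local_ip" ]; then
            echo INPUT
            return 0
        fi
    done
    echo FORWARD
}

# Emit the rule that drops TCP connections to a port (default 22) that
# enter on the LAN interface and are routed through the gateway.
forward_block_rules() {
    port="${1:-22}"
    echo "iptables -I FORWARD -i $LAN_IF -s $LAN_NET -p tcp --dport $port -j DROP"
}

# Print the rules by default; execute them only when APPLY=1 (needs root).
run_rules() {
    forward_block_rules "$@" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "DRY-RUN: $cmd"
        fi
    done
}

# SSH from a LAN host to an outside host (constructed address): FORWARD.
echo "LAN -> 203.0.113.10:22 is filtered in: $(chain_for 203.0.113.10 10.0.0.1)"
# SSH from a LAN host to the gateway's own LAN address: INPUT.
echo "LAN -> 10.0.0.1:22     is filtered in: $(chain_for 10.0.0.1 10.0.0.1)"
run_rules 22
```

After applying the rule, an SSH attempt from a LAN host to an outside address should raise the packet counter shown for it by `iptables -L FORWARD -v -n`.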


