RE: [CentOS] iptables rules




Good morning,


First I would recommend using different rules for your INPUT and FORWARD
chains; it's 100 times easier to troubleshoot and can make things look a
lot simpler.  Second, I would refrain from posting any external ip
addresses on a public forum.

I'm not sure about your setup, but usually when you're creating rules
such as these, it's a good idea to start off with a default policy of
DROP for INPUT, OUTPUT and FORWARD.  From a security perspective it's
better to block everything and only allow what you're looking for.

Anyways, for your rules, I would replace "-A RH-Firewall-1-INPUT -i eth0
-s 82.201.195.123 -j ACCEPT" and "-A RH-Firewall-1-INPUT -m tcp -p tcp
--dport 22 -j REJECT" with:

-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp -s ! 82.201.195.123 --dport 22 -j DROP

This will drop everything on eth0 going to port 22 from everywhere
except the ip address specified.  However, it's still easy to spoof an
ip address in order to get ssh access to this box.  I would really
recommend setting all your default policies to DROP though.  If you'd
like an exhaustive tutorial:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Peace.


Andrew Elliott
Network Services
Computar Services Inc.
2191 Thurston Drive
Ottawa, Ontario K1G 6C9
Tel: (613) 482-8374
Fax: (613) 737-3611
Email: andrewe@xxxxxxxxxxx
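To see what the replacement rule above changes, here is a small first-match tracer for the chain quoted in the original message below; it is an added example, not code from either poster. It assumes 192.0.2.10 as a stand-in for the trusted host's address and uses constructed packets, and it accepts both the older `-s ! X` negation used in the reply and the `! -s X` form that newer iptables releases require.

```python
# Added example, not code from the thread: a first-match tracer for the
# subset of iptables-save syntax used in this thread (-i, -s with old
# '-s !' or new '! -s' negation, -p, --dport, --state, -j, chain jumps).
# 192.0.2.10 stands in for the trusted host; packets are constructed dicts.
import shlex

TRUSTED, CHAIN = "192.0.2.10", "RH-Firewall-1-INPUT"
# The poster's chain, minus the ICMP rule (it never matches TCP traffic).
POSTED = ["-A INPUT -j " + CHAIN] + [f"-A {CHAIN} {r}" for r in (
    "-i lo -j ACCEPT", "-i eth1 -j ACCEPT", f"-i eth0 -s {TRUSTED} -j ACCEPT",
    "-m tcp -p tcp --dport 22 -j REJECT", "-m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-i eth0 -j ACCEPT", "-j REJECT --reject-with icmp-host-prohibited")]
# The reply's change: per-host ACCEPT and port-22 REJECT collapse into one rule.
REVISED = POSTED[:3] + [
    f"-A {CHAIN} -i eth0 -p tcp -m tcp -s ! {TRUSTED} --dport 22 -j DROP"] + POSTED[5:]

OPTS = {"-A": "chain", "-i": "iface", "-s": "src", "-p": "proto",
        "--dport": "dport", "--state": "state", "-j": "target"}

def parse_rule(line):
    """Parse one -A line; old-style '-s ! X' is normalised to '! -s X' first."""
    tok = shlex.split(line.replace("-s ! ", "! -s "))
    rule, neg = {"raw": line, "src_neg": False}, False
    for opt, val in zip(tok, tok[1:]):   # options not in OPTS (-m, --reject-with) are skipped
        if opt == "!":
            neg = True
        elif opt in OPTS:
            rule[OPTS[opt]] = set(val.split(",")) if opt == "--state" else val
            if opt == "-s":
                rule["src_neg"] = neg
            neg = False
    return rule

def matches(rule, pkt):
    if rule.get("iface", pkt["iface"]) != pkt["iface"]: return False
    if "src" in rule and (pkt["src"] == rule["src"]) == rule["src_neg"]: return False
    if rule.get("proto", pkt["proto"]) != pkt["proto"]: return False
    if "dport" in rule and str(pkt.get("dport")) != rule["dport"]: return False
    return "state" not in rule or pkt.get("state") in rule["state"]

def trace(rules, pkt, chain="INPUT", policy="ACCEPT"):
    """Walk `chain` first-match, following jumps; return (verdict, rule hit)."""
    for rule in map(parse_rule, rules):
        if rule["chain"] != chain or not matches(rule, pkt):
            continue
        if rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"], rule["raw"]
        verdict, raw = trace(rules, pkt, rule["target"], None)  # user chain
        if verdict:
            return verdict, raw
    return policy, None   # end of chain: built-in policy (None = return from user chain)

def ssh_syn(src, iface="eth0"):   # constructed: first packet of a new SSH connection
    return {"iface": iface, "src": src, "proto": "tcp", "dport": 22, "state": "NEW"}
```

Tracing `ssh_syn("198.51.100.7")` through POSTED ends at the port-22 REJECT, and through REVISED at the new DROP rule; the trusted host is accepted under both, and with the suggested default DROP policy the `policy` argument is what an unmatched packet would receive.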

-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
Behalf Of Abd El-Hameed Ayad
Sent: Tuesday, May 23, 2006 9:35 AM
To: centos@xxxxxxxxxx
Subject: [CentOS] iptables rules

Hi,
  I have 2 CentOS servers, 82.201.195.123 & 62.139.61.84. I want to deny
all ssh logins on port 22 on (62.139.61.84) from any host except from
(82.201.195.123).


Can anybody tell me such iptables rules to write in
/etc/sysconfig/iptables?
Currently, I'm using the following rules (on 62.139.61.84):

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -s 82.201.195.123 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j REJECT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

But I found that somebody is bypassing these rules & trying to
authenticate with unknown (or wrong password) accounts.

Thanx in advance


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos