Re: SSH allow only form selected IP'

[James Turnbull <james@xxxxxxxxxxxxxxxxx>]

Kev wrote:

> > e your firewall rules.  Something like:
> >
> > iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -s 
> > 192.168.0.0/24 --dport 22 -j ACCEPT
> > iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -d 
> > 192.168.0.0/24 --sport 22 -j ACCEPT
> >
> > Where 192.168.0.0/24 is the range you are allowing.
> >    
>
> anyway i can do this with the SSH config ?
>
> i can use the iptabel rules for 2-3 IP rangers ?
>  
Have a read of:  
http://www.oreilly.com/catalog/sshtdg/chapter/ch08.html#45775

The firewall rules yes you can do more than one subnet:

iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -s 
192.168.0.0/24 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -d 
192.168.0.0/24 --sport 22 -j ACCEPT

iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -s 
10.0.0.0/24 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -d 
10.0.0.0/24 --sport 22 -j ACCEPT

etc etc

Regards

James

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature