Thanks Paul,
Was hoping for a simple solution and well pleased to know I can do it both ways.
Many thanks
Best regards
Rudi
Paul Annesley wrote:
---------- Forwarded message ----------
From: Paul Annesley <paul.annesley@xxxxxxxxx>
Date: Mon, 15 Nov 2004 18:05:17 +1100
Subject: Re: Policy Accept + Allow Multiple IP's
To: Rudi Starcevic <tech@xxxxxxxxxxxx>
On Mon, 15 Nov 2004 16:51:57 -0800, Rudi Starcevic <tech@xxxxxxxxxxxx> wrote:
Hi,
I have an Iptables firewall with a default policy of accept.
I want to allow only certain IP's ssh access.
So far I have this rule which allows 1 ip:
iptables -A INPUT -p tcp --dport 22 -s ! xxx.xxx.xxx.xxx -j DROP
I'm not sure how to list more than 1 allowable IP.
This is a production box I've inherited so I'm hoping to work with what I already
have but may need to look at changing the default policy to drop or
something.
Perhaps you should look at making the policy DROP and allowing specific traffic.. However what you're after can be done with two rules.. something like;
iptables -A INPUT -p tcp --dport 22 -s x.x.x.x -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
Please advise, many thanks. Regards Rudi
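
Added example, not part of the original thread: a small shell model of iptables first-match evaluation for tcp/22 under the default ACCEPT policy discussed above. It shows why repeating the negated DROP rule for a second address drops every source, while per-address ACCEPT rules followed by one DROP behave as intended. The rule notation, the verdict function and the addresses (documentation ranges) are constructed for this sketch.

```shell
#!/bin/sh
# Model of first-match rule evaluation for INPUT, tcp dport 22.
# Rule notation (constructed): "<source> <target>" per line, where
# <source> is an address, "!address" (negated match) or "any".

# verdict RULES SRC: print the target of the first rule matching SRC,
# or ACCEPT (the chain's default policy in the thread) if none match.
verdict() {
    rules=$1
    src=$2
    hit=0
    while read -r match target; do
        [ -n "$match" ] || continue
        case $match in
            any)  hit=1 ;;
            \!*)  [ "${match#\!}" != "$src" ] && hit=1 || hit=0 ;;
            *)    [ "$match" = "$src" ] && hit=1 || hit=0 ;;
        esac
        if [ "$hit" -eq 1 ]; then
            echo "$target"
            return 0
        fi
    done <<EOF
$rules
EOF
    echo ACCEPT
}

# Repeating the single-address negated rule for a second address:
# each allowed address is caught by the *other* address's rule.
NEGATED_TWO='!192.0.2.10 DROP
!198.51.100.7 DROP'

# One ACCEPT per allowed address, then a final DROP for port 22.
ALLOW_THEN_DROP='192.0.2.10 ACCEPT
198.51.100.7 ACCEPT
any DROP'

# Constructed sources: two allowed admins and one unlisted host.
for src in 192.0.2.10 198.51.100.7 203.0.113.99; do
    printf '%-14s negated-x2=%-6s allow-then-drop=%s\n' "$src" \
        "$(verdict "$NEGATED_TWO" "$src")" \
        "$(verdict "$ALLOW_THEN_DROP" "$src")"
done
```

Because the ACCEPT rules must sit ahead of the DROP, appending a new allowed address with -A after the DROP rule has no effect; it has to be inserted before it.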