#Substitute values for yours.
#your iptables binary
IPT=iptables
#your external iface
EFACE=ppp0
$IPT -A INPUT -i $EFACE -p tcp --dport ssh --syn -j DROP
Tell us if that is what you need and if it works fine for you.
lst_hoe01@xxxxxxxxx writes:
Quote from Hilmar Berger <Hilmar.Berger@xxxxxx>:
Hi,
I am running iptables 1.2.11/Linux 2.4.27-pre2. The firewall is started when the ADSL
connection goes up.
The rule set I use is from some example iptables ruleset for setting up
IP masquerading. I needed this some time ago in order to connect my laptop to
my desktop and connect to the internet through its DSL modem.
I never had any trouble with my firewall before. It worked as expected - at
least that's how it seems to me.
Today someone tried to break into my machine (the desktop, the one the firewall is running on) by connecting to sshd - which should have been blocked. I tried to test whether this was because my firewall rules are bad or because there is some other bug. Unfortunately, I don't have another machine around right now, and iptables does not have the -C option that exists in ipchains to check whether the rules work as desired.
With this rule
# remote interface, any source, going to permanent PPP address is valid
#
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT
and sshd bound to any interface, you should not wonder why everyone can connect
to your firewall's sshd and any other service running on the firewall ...
Regards
Andreas
Samuel Díaz García
Director Gerente
ArcosCom Wireless, S.L.L.
mailto:samueldg@xxxxxxxxxxxx
http://www.arcoscom.com
mobile: 651 93 72 48
phone: 956 70 13 15
fax: 956 70 34 83
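Added example, not from any of the messages above: a toy Python model of iptables first-match evaluation on the INPUT chain. It shows why the quoted "any source to EXTIP" ACCEPT rule lets every SSH SYN through, and why the suggested DROP rule only helps if it is placed before that ACCEPT (iptables -I INPUT 1 ... rather than -A). The interface name, EXTIP and the client address are constructed values.

```python
import ipaddress

# Constructed values; substitute your own. EXTIP uses a documentation range.
UNIVERSE = "0.0.0.0/0"
EXTIF = "ppp0"
EXTIP = "203.0.113.5"


def rule(target, iface=None, src=None, dst=None, proto=None, dport=None, syn=False):
    """One INPUT rule with the matches used in the thread: -i -s -d -p --dport --syn."""
    return dict(target=target, iface=iface, src=src, dst=dst,
                proto=proto, dport=dport, syn=syn)


def matches(r, pkt):
    """True if every match in rule r applies to the packet (a dict of header fields)."""
    if r["iface"] and r["iface"] != pkt["iface"]:
        return False
    for key in ("src", "dst"):  # address matches accept a CIDR network or a single host
        if r[key] and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(r[key]):
            return False
    if r["proto"] and r["proto"] != pkt["proto"]:
        return False
    if r["dport"] is not None and r["dport"] != pkt.get("dport"):
        return False
    if r["syn"] and not pkt.get("syn"):  # --syn: only connection-opening segments
        return False
    return True


def evaluate(chain, pkt, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy (first match wins)."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy


ACCEPT_ALL_TO_EXTIP = rule("ACCEPT", iface=EXTIF, src=UNIVERSE, dst=EXTIP)
DROP_SSH_SYN = rule("DROP", iface=EXTIF, proto="tcp", dport=22, syn=True)

# Constructed packet: a new SSH connection arriving on the external interface.
SSH_SYN = dict(iface=EXTIF, src="198.51.100.7", dst=EXTIP, proto="tcp", dport=22, syn=True)

APPENDED = [ACCEPT_ALL_TO_EXTIP, DROP_SSH_SYN]   # iptables -A: DROP is never reached
INSERTED = [DROP_SSH_SYN, ACCEPT_ALL_TO_EXTIP]   # iptables -I INPUT 1: DROP fires first

if __name__ == "__main__":
    print("appended:", evaluate(APPENDED, SSH_SYN))   # ACCEPT
    print("inserted:", evaluate(INSERTED, SSH_SYN))   # DROP
```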