On 7/31/2007 5:04 PM, Maxim Veksler wrote:
> I have my machine configured to allow all traffic in INPUT table, but
> I would like to block access to port tcp22 from all besides several
> IPs.
*nod*
> How can I do an "AND" between them, as in
Wrong logic operator. The question could also be written as "How do I
block all connections not from the set A or B or C or ...". One way to
achieve this is with the IPSet match extension (which I have not worked
with, so this may not be syntactically correct).
# negate the set match itself, and restrict the rule to tcp/22 so other
# traffic is unaffected (older ipset releases spell --match-set as --set)
iptables -A INPUT -p tcp --dport 22 -m set ! --match-set sshclients src -j DROP
In theory this rule will say "if the source ip is not in set sshclients
DROP the packet".
This will allow you to use the user-space utility ipset to control your
(iphash) set, which is your list of allowed SSH clients.
Grant. . . .
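A complete version of the approach Grant sketches, as an added example that is not code from the original thread or from the ipset project: create the set, fill it with the allowed clients, and insert a single DROP rule for tcp/22 in front of the existing allow-everything INPUT rules. The set name "sshclients", the port, and the RFC 5737 documentation addresses are assumptions standing in for real admin hosts; the syntax is that of ipset 6.x (hash:net, --match-set). Two practical points the script takes care of: the set must exist before any iptables rule references it (at boot, restore ipset before iptables-restore), and without a --dport match the rule would cut off every non-set source, not just SSH.

```shell
#!/bin/sh
# Added example, not code from the original thread or from the ipset project.
# Builds an ipset of allowed SSH clients and inserts one iptables rule that
# DROPs tcp/22 traffic from any source not in that set, leaving the rest of
# the INPUT chain alone. Assumptions: set name "sshclients", port 22, and the
# RFC 5737 documentation addresses below stand in for real admin hosts.
# Requires iptables with the "set" match and ipset 6.x syntax (hash:net,
# --match-set); apply mode must run as root.

SET_NAME=sshclients
SSH_PORT=22
# Constructed sample allow-list; single hosts and CIDR prefixes both work
# because the set type is hash:net.
ALLOWED="192.0.2.10 198.51.100.5 203.0.113.0/24"

# Emit the commands, one per line, instead of running them directly, so the
# plan can be reviewed (or piped to sh) before it touches a live firewall.
gen_ssh_allowlist() {
    set_name=$1
    port=$2
    allowed=$3
    # -exist makes both create and add idempotent on re-runs.
    echo "ipset create $set_name hash:net -exist"
    for a in $allowed; do
        echo "ipset add $set_name $a -exist"
    done
    # The set must exist before iptables references it (also true at boot:
    # restore ipset before iptables-restore). -I puts the DROP at the top of
    # INPUT so it wins over the existing allow-everything rules; -C first
    # keeps the rule from being duplicated on each run.
    rule="INPUT -p tcp --dport $port -m set ! --match-set $set_name src -j DROP"
    echo "iptables -C $rule 2>/dev/null || iptables -I $rule"
}

# Convenience wrappers: show the plan, or apply it.
print_ssh_allowlist() {
    gen_ssh_allowlist "$SET_NAME" "$SSH_PORT" "$ALLOWED"
}
apply_ssh_allowlist() {
    gen_ssh_allowlist "$SET_NAME" "$SSH_PORT" "$ALLOWED" | sh -e
}

case "${1:-print}" in
    apply) apply_ssh_allowlist ;;
    *)     print_ssh_allowlist ;;
esac
```

Run it with no argument to see the commands it would issue, and with `apply` (as root) to execute them. Adding or removing an admin host afterwards is just `ipset add sshclients ADDR` or `ipset del sshclients ADDR`; the iptables rule never needs to change.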