I am not so good at writing what I wish to accomplish
I am often not at home and wish to access my system. That means when I
ssh into my machine, it will be from
a ip address of a hotels or other ISP network.
Internternet
linksys 10.0.0.0/255.255.255.0
-------------------| firewall with portt 22 forwarded |
----------------|linux server|------------
For my home machine, I wish to block traffic from network which I see in
my /var/log/secure file have attached my machine.
( By now I have a long list, I anybody wants it)
But for certain well know address, like the 10.0.0.0/255.255.255.0 and
the nameserver addresses, I just wish to accept those
There seens to be a never ending stream of break in attempts.
in sshd, I have all dened all uses except a 2 users with Complex names
and passwords.
so allow the internal local network.
allow the nameservers.
deny attacking networks.
Richard Horton wrote:
2009/10/28 Ralph Blach <rcblach@xxxxxxxxx>:
Ok,
[snip]
Since I get attached, I want to drop and log from any attaching network.
This happens on a daily bassis, so I am constally updating the list.
What is the best set of rules to accomplish this
If you only wish to allow traffic from your internal network and the
external nameservers then its simple.
set your iptables policies, as said earlier, to DROP.
Then create explicit rules to accept the traffic you want in each
chain as needed.
If you want to log any DROP traffic then just make the LAST rule in
each chain a logging rule...
If you use DROP as a policy and only allow specific traffic you will
not have to keep updating your rule set to block additional networks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html