2009/10/31 Ralph Blach <rblach@xxxxxxxxxx>
>
> I am not so good at writing what I wish to accomplish.
>
> I am often not at home and wish to access my system. That means when I ssh into my machine, it will be from
> an IP address of a hotel's or other ISP's network.
>
> Internet ---- linksys 10.0.0.0/255.255.255.0
> -------------------| firewall with port 22 forwarded | ----------------| linux server |------------
>
> For my home machine, I wish to block traffic from networks which I see in my /var/log/secure file have attacked my machine.
> (By now I have a long list, if anybody wants it.)
> But for certain well-known addresses, like the 10.0.0.0/255.255.255.0 and the nameserver addresses, I just wish to accept those.
> There seems to be a never-ending stream of break-in attempts.
>
> In sshd, I have denied all users except 2 users with complex names and passwords.
>
> So: allow the internal local network,
> allow the nameservers,
> deny attacking networks.
>

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -N ALLOW
iptables -A ALLOW -s <internal network> -j ACCEPT
iptables -A ALLOW -d <internal network> -j ACCEPT
iptables -A ALLOW -p udp -s <dns> --sport 53 -j ACCEPT
iptables -A ALLOW -p udp -d <dns> --dport 53 -j ACCEPT

iptables -A INPUT -j ALLOW
iptables -A INPUT -j LOG --log-prefix "FW DROP >" --log-ip-options --log-tcp-options

Repeat the last two rules for the OUTPUT and FORWARD chains as well. The last (log) rule is only if you want a record of what's going on.

***ANY*** traffic not explicitly added to the ALLOW user-defined chain will get dropped.

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
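An added example, not code from either poster: a POSIX shell script that builds the whole rule set Ralph asked for (LAN and nameservers allowed, a file of attacking networks dropped and logged, SSH reachable from anywhere but throttled per source with the `recent` match) and a small filter that pulls the source addresses of failed SSH logins out of /var/log/secure-style lines so the deny file can be maintained. The LAN is assumed to be 10.0.0.0/24 as in the diagram; the nameserver addresses, the deny networks and the log lines are constructed sample values. IPT defaults to `echo`, so the script prints the commands it would run; set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Added example for the netfilter thread above; not the posters' own rules.
IPT="${IPT:-echo}"                                   # echo = dry run
LAN="${LAN:-10.0.0.0/24}"                            # assumed from the diagram
DNS_SERVERS="${DNS_SERVERS:-192.0.2.53 192.0.2.54}"  # constructed (documentation range)
SSH_PORT="${SSH_PORT:-22}"

# Constructed /var/log/secure lines used by demo() and the self-test.
SAMPLE_LOG='Oct 31 03:12:01 home sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51233 ssh2
Oct 31 03:12:05 home sshd[2213]: Invalid user oracle from 198.51.100.7
Oct 31 03:12:09 home sshd[2215]: Accepted publickey for ralph from 10.0.0.5 port 40210 ssh2
Oct 31 03:12:14 home sshd[2216]: Failed password for root from 203.0.113.9 port 51240 ssh2'

# Source addresses of failed SSH logins from secure-log lines on stdin,
# one per line, de-duplicated (successful logins are ignored).
failed_ssh_sources() {
    grep 'sshd\[' | grep -E 'Failed password|Invalid user' \
        | sed -n 's/.* from \([0-9.]*\).*/\1/p' | sort -u
}

# Widen addresses on stdin to /24 networks, since the post blocks whole networks.
to_slash24() {
    awk -F. '{ print $1"."$2"."$3".0/24" }' | sort -u
}

# Emit the rule set. $1 = file with one CIDR per line to deny ('#' = comment).
build_rules() {
    deny_file="$1"
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -N BLOCKED
    $IPT -N ALLOW

    # Loopback, and replies to connections already accepted, always pass.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Attacking networks are checked first: logged (rate-limited) and dropped.
    while read -r net; do
        case "$net" in ''|'#'*) continue ;; esac
        $IPT -A BLOCKED -s "$net" -m limit --limit 5/min -j LOG --log-prefix "FW BLOCKED >"
        $IPT -A BLOCKED -s "$net" -j DROP
    done < "$deny_file"
    $IPT -A INPUT -j BLOCKED

    # Trusted: the home LAN and the nameservers. --dport needs a protocol match.
    $IPT -A ALLOW -s "$LAN" -j ACCEPT
    $IPT -A ALLOW -d "$LAN" -j ACCEPT
    for dns in $DNS_SERVERS; do
        $IPT -A ALLOW -p udp -d "$dns" --dport 53 -j ACCEPT
        $IPT -A ALLOW -p tcp -d "$dns" --dport 53 -j ACCEPT
    done

    # SSH from hotels etc.: a source making more than 3 new connections
    # per minute is dropped, which blunts password guessing from one host.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -m recent --set --name SSH
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT

    $IPT -A INPUT   -j ALLOW
    $IPT -A OUTPUT  -j ALLOW
    $IPT -A FORWARD -j ALLOW
    # Anything left is about to hit the DROP policy; record it.
    $IPT -A INPUT -j LOG --log-prefix "FW DROP >" --log-ip-options --log-tcp-options
}

# Build a deny file from the sample log and print the resulting rules.
demo() {
    deny=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" | failed_ssh_sources | to_slash24 > "$deny"
    build_rules "$deny"
    rm -f "$deny"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh fw.sh demo` to see the generated commands; with `IPT=iptables sh fw.sh demo` as root they are applied. Because replies are matched by conntrack, the `--sport 53` rules from the reply above are not needed here, and the deny list can be refreshed from the log without touching the rest of the script.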