Re: How to block ssh on specific ethernet interface

On Wed, Oct 5, 2011 at 12:24 AM, Netravali Ganesh
<gnetravali@xxxxxxxxxxxx> wrote:
> Hi..
>
> I have multiple Ethernet interfaces on the system. I need to enable ssh on eth0 and block ssh on all the other interfaces. Below are the iptables rules I am using. This is not working for me, please let me know what is wrong. I am using a RHEL 6.1 system.
>
>  [root@localhost ~]# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
>  [root@localhost ~]# iptables -L -v -n
> Chain INPUT (policy ACCEPT 40 packets, 5240 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
>
I do not know what your other rules are, but I tend to have my
iptables blocking everything by default and only opening the ports I
need. Something like

iptables -P INPUT  DROP -m comment --comment "drop everything"
[...]
iptables -A SERVICES -i eth0 -p tcp -m tcp --dport 22 -m comment --comment "allow ssh into machine, from eth0" -j ACCEPT
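
An added example, not part of the original posts: a simplified first-match evaluator that compares the single per-interface DROP rule from the question with the default-drop approach from the reply. Both rulesets are constructed in iptables-save style; the interface eth2, the lo and state rules, and placing the allow rule directly in INPUT (rather than the reply's SERVICES chain, whose other rules are elided) are assumptions.

```python
import shlex

# Constructed iptables-save style rulesets (not dumped from the poster's machine).
ORIGINAL = """\
:INPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
"""
DEFAULT_DROP = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
"""

def verdict(ruleset, iface, proto, dport):
    """First-match verdict for a NEW inbound packet on the INPUT chain.

    Simplified model: understands only -i, -p, --dport, --state and the
    ACCEPT/DROP/REJECT targets; every option is assumed to take one value.
    """
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == ":INPUT":          # chain declaration carries the policy
            policy = tok[1]
            continue
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        # A rule without a given option matches any value for it.
        if opts.get("-i", iface) != iface:
            continue
        if opts.get("-p", proto) != proto:
            continue
        if opts.get("--dport", str(dport)) != str(dport):
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]           # first terminating match wins
    return policy                       # nothing matched: chain policy applies

def ssh_exposure(ruleset, ifaces):
    """Map each interface to the verdict for a new TCP connection to port 22."""
    return {i: verdict(ruleset, i, "tcp", 22) for i in ifaces}
```

With policy ACCEPT, any interface not named in a DROP rule still accepts port 22; with policy DROP, only the interface named in the ACCEPT rule does.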

