On Wed, Oct 5, 2011 at 12:24 AM, Netravali Ganesh <gnetravali@xxxxxxxxxxxx> wrote: > Hi.. > > I have multiple Ethernet interface on the system. I need to enable the ssh on eth0 and block the ssh on all the other interfaces. Below is the iptables rules I am using. This is not working form pls lls let me know what is wrong. I am using RHEL6.1 system. > > [root@localhost ~]# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP > [root@localhost ~]# iptables -L -v -n > Chain INPUT (policy ACCEPT 40 packets, 5240 bytes) > pkts bytes target prot opt in out source destination > 0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 > I do not know what are your other rules, but I tend to have my iptables blocking everything by default and only opening the ports I need. Something like iptables -P INPUT DROP -m comment --comment "drop everything" [...] iptables -A SERVICES -i eth0 -p tcp -m tcp --dport 22 -m comment --comment "allow ssh into machine, from eth0" -j ACCEPT -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html