Er, make SERVICES == INPUT

On Wed, Oct 5, 2011 at 12:49 AM, Mauricio Tavares <raubvogel@xxxxxxxxx> wrote:
> On Wed, Oct 5, 2011 at 12:24 AM, Netravali Ganesh
> <gnetravali@xxxxxxxxxxxx> wrote:
>> Hi..
>>
>> I have multiple Ethernet interfaces on the system. I need to enable ssh on eth0 and block ssh on all the other interfaces. Below are the iptables rules I am using. This is not working for me, please let me know what is wrong. I am using a RHEL6.1 system.
>>
>> [root@localhost ~]# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
>> [root@localhost ~]# iptables -L -v -n
>> Chain INPUT (policy ACCEPT 40 packets, 5240 bytes)
>> pkts bytes target prot opt in out source destination
>> 0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
>>
> I do not know what your other rules are, but I tend to have my
> iptables blocking everything by default and only opening the ports I
> need. Something like
>
> iptables -P INPUT DROP -m comment --comment "drop everything"
> [...]
> iptables -A SERVICES -i eth0 -p tcp -m tcp --dport 22 -m comment
> --comment "allow ssh into machine, from eth0" -j ACCEPT
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html