On 10/4/11 10:24 PM, "Netravali Ganesh" <gnetravali@xxxxxxxxxxxx> wrote:

>Hi..
>
>I have multiple Ethernet interfaces on the system. I need to enable the
>ssh on eth0 and block the ssh on all the other interfaces. Below are the
>iptables rules I am using. This is not working for me, pls let me know
>what is wrong. I am using RHEL6.1 system.
>
> [root@localhost ~]# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
> [root@localhost ~]# iptables -L -v -n
>Chain INPUT (policy ACCEPT 40 packets, 5240 bytes)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
>
>Thanks
>Ganesh
>
>--
>To unsubscribe from this list: send the line "unsubscribe netfilter" in
>the body of a message to majordomo@xxxxxxxxxxxxxxx
>More majordomo info at http://vger.kernel.org/majordomo-info.html

Why not just have sshd only listen to the interface you want?

From sshd_config:

#Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress ::
ListenAddress 0.0.0.0

James
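The reply's ListenAddress suggestion combined with a per-interface filter rule, as an added example that is not part of either message: it derives the ListenAddress line from eth0's IPv4 address and prints matching iptables rules. The sample `ip -o -4 addr show` output, its addresses, and the helper names `listen_lines` and `fw_rules` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output (documentation-range addresses).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 198.51.100.7/24 brd 198.51.100.255 scope global eth1\       valid_lft forever preferred_lft forever'

# listen_lines IFACE
# Reads `ip -o -4 addr show` output on stdin and prints one sshd_config
# ListenAddress line per IPv4 address configured on IFACE.
# Exits non-zero when IFACE has no address, so a caller never writes an
# empty result (sshd with no ListenAddress listens on every address).
listen_lines() {
    awk -v ifc="$1" '
        $2 == ifc && $3 == "inet" {
            sub(/\/.*/, "", $4)          # strip the /prefix length
            print "ListenAddress " $4
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# fw_rules IFACE
# Prints (does not run) iptables commands that accept SSH on IFACE and drop
# it on every other interface, loopback included. ListenAddress binds sshd
# to an address, not to an interface, so the filter rule is what ties the
# service to the NIC itself.
fw_rules() {
    printf 'iptables -A INPUT -i %s -p tcp --dport 22 -j ACCEPT\n' "$1"
    printf 'iptables -A INPUT ! -i %s -p tcp --dport 22 -j DROP\n' "$1"
}

# Demonstration on the constructed sample; on a live host replace the
# printf with:  ip -o -4 addr show
printf '%s\n' "$SAMPLE_ADDRS" | listen_lines eth0
fw_rules eth0
```

After editing sshd_config with the generated line and restarting sshd, `ss -ltn` (or `netstat -ltn` on RHEL 6) shows whether port 22 is bound only to the intended address.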