RE: How to block ssh on specific ethernet interface

I don't want to make any dependency on the IP. If the IP gets changed for any
reason, ssh will be allowed.

Thanks
Ganesh

-----Original Message-----
From: James Lay [mailto:jlay@xxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 05, 2011 5:39 PM
To: Netravali Ganesh; Netfilter
Subject: Re: How to block ssh on specific ethernet interface



On 10/4/11 10:24 PM, "Netravali Ganesh" <gnetravali@xxxxxxxxxxxx> wrote:

>Hi..
>
>I have multiple Ethernet interfaces on the system. I need to enable
>ssh on eth0 and block ssh on all the other interfaces. Below are the
>iptables rules I am using. This is not working for me, pls let me know
>what is wrong. I am using a RHEL6.1 system.
>
> [root@localhost ~]# iptables -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP
> [root@localhost ~]# iptables -L -v -n
>Chain INPUT (policy ACCEPT 40 packets, 5240 bytes)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
>
>Thanks
>Ganesh
>
>--
>To unsubscribe from this list: send the line "unsubscribe netfilter" in
>the body of a message to majordomo@xxxxxxxxxxxxxxx
>More majordomo info at  http://vger.kernel.org/majordomo-info.html


Why not just have sshd only listen to the interface you want?  From
sshd_config:

#Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress ::
ListenAddress 0.0.0.0

James
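
Added example, not part of the original thread: a small POSIX sh evaluator that applies iptables' first-match rule order to rules written in `iptables -S INPUT` form and reports what happens to TCP port 22 on each interface. It compares the single eth1 rule from the question with an interface-only ruleset that uses no IP addresses; `ssh_verdict`, `check`, the eth2 interface and both sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example. Rules are in `iptables -S INPUT` form; all samples constructed.
# PAGE_RULE mirrors the single rule from the question (policy ACCEPT, drop on eth1).
PAGE_RULE='-P INPUT ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j DROP'

# Interface-only variant: allow lo and eth0, drop port 22 everywhere else.
IFACE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# ssh_verdict IFACE: reads rules on stdin and prints the target of the first
# rule matching a TCP packet to port 22 arriving on IFACE, else the chain
# policy. Every -j target is treated as terminating; any match it does not
# model (-s, -m state, ...) makes it print UNKNOWN rather than guess.
ssh_verdict() {
  sv_iface="$1"; sv_policy="ACCEPT"
  while read -r sv_line || [ -n "$sv_line" ]; do
    set -- $sv_line
    if [ "$1" = "-P" ]; then sv_policy="$3"; continue; fi
    [ "$1" = "-A" ] && [ "$2" = "INPUT" ] || continue
    shift 2
    sv_match=1; sv_target=""; sv_neg=0
    while [ $# -gt 0 ]; do
      case "$1" in
        '!') sv_neg=1; shift; continue ;;
        -i) if [ "$2" = "$sv_iface" ]; then sv_hit=1; else sv_hit=0; fi
            [ "$sv_hit" -ne "$sv_neg" ] || sv_match=0; shift ;;
        -p) [ "$2" = "tcp" ] || sv_match=0; shift ;;
        -m) [ "$2" = "tcp" ] || { echo UNKNOWN; return 0; }; shift ;;
        --dport) [ "$2" = "22" ] || sv_match=0; shift ;;
        -j) sv_target="$2"; shift ;;
        *) echo UNKNOWN; return 0 ;;
      esac
      sv_neg=0; shift
    done
    if [ "$sv_match" -eq 1 ] && [ -n "$sv_target" ]; then
      echo "$sv_target"; return 0
    fi
  done
  echo "$sv_policy"
}

# check RULES IFACE: convenience wrapper around ssh_verdict.
check() { printf '%s\n' "$1" | ssh_verdict "$2"; }

for i in eth0 eth1 eth2; do
  echo "$i: page rule=$(check "$PAGE_RULE" "$i") interface rules=$(check "$IFACE_RULES" "$i")"
done
```

To audit a live host, pipe `iptables -S INPUT` into `ssh_verdict` once per interface; an `UNKNOWN` result means the chain uses a match this sketch does not model and needs reading by hand.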

