Re: To disable the internet and allow only SSH connection to this server running Red Hat Enterprise Linux release 8.9 (Ootpa)

You don't want to block DNS lookups and outbound ping. Also, NTP is pretty important as well and I would add a rule to allow outbound NTP traffic.

So, you could deny everything except for inbound SSH and outbound DNS, ping, and NTP.

Thanks,

Rajiv Baxi


On Fri, Mar 8, 2024 at 4:17 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:
Hi,

I am running Red Hat Enterprise Linux release 8.9 (Ootpa). Is there a way to disable the internet and allow only SSH connection to this server? I have followed the below steps to disable internet access and allow only SSH connections to the remote server.

#systemctl stop NetworkManager
#systemctl disable NetworkManager

#vim /etc/sysconfig/network-scripts/ifcfg-enp1s0

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=enp1s0
UUID=86cea6e1-ec03-49e7-9d6d-1d1b9d094cdc
DEVICE=enp1s0
ONBOOT=yes
IPADDR=192.168.0.114
PREFIX=24
GATEWAY=192.168.0.10
DNS1=8.8.8.8
DNS2=8.8.4.4
ZONE=drop

# systemctl restart network
Failed to restart network.service: Unit network.service not found.
#

#firewall-cmd --permanent --zone=public --add-service=ssh
#firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
#firewall-cmd --reload

#vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

#sysctl -p

ssh root@192.168.0.114

ping google.com


I am still able to reach out to google.com

# ping google.com
PING google.com (142.250.193.142) 56(84) bytes of data.
64 bytes from maa05s25-in-f14.1e100.net (142.250.193.142): icmp_seq=1 ttl=57 time=10.5 ms
64 bytes from maa05s25-in-f14.1e100.net (142.250.193.142): icmp_seq=2 ttl=57 time=10.1 ms
64 bytes from maa05s25-in-f14.1e100.net (142.250.193.142): icmp_seq=3 ttl=57 time=10.7 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.147/10.452/10.701/0.258 ms

Please guide me. Thanks in advance. 

Best Regards,

Kaushal
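
The policy suggested in the reply (deny everything except inbound SSH and outbound DNS, ping and NTP), written out as an added example that is not part of the thread: a shell function that emits a stand-alone nftables ruleset with drop policies on input, forward and output, plus a check that a ruleset's given hook defaults to drop. The table name `lockdown`, the function names and the default SSH port 22 are assumptions; the firewalld zone commands quoted above only add or remove inbound services, so they place no limit on traffic the host itself originates.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: table "lockdown",
# functions gen_ruleset and hook_defaults_to_drop.
# Syntax-check, then load:  gen_ruleset 22 | nft -c -f -  &&  gen_ruleset 22 | nft -f -
# If firewalld is also running, its own chains still apply in addition to these.

# Print the ruleset on stdout; $1 = SSH port (default 22).
gen_ruleset() {
    ssh_port="${1:-22}"
    case "$ssh_port" in
        ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] ||
        { echo "invalid port: $ssh_port" >&2; return 1; }
    cat <<EOF
table inet lockdown {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # replies to the outbound DNS, NTP and ping allowed below
        ct state established,related accept
        tcp dport $ssh_port ct state new accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # replies on SSH sessions accepted by the input chain
        ct state established,related accept
        udp dport { 53, 123 } accept   # DNS and NTP
        tcp dport 53 accept            # DNS over TCP (large answers)
        icmp type echo-request accept  # outbound ping (IPv4)
    }
}
EOF
}

# Read ruleset text on stdin (for example from "nft list ruleset");
# succeed only if the base chain on hook $1 has a drop policy.
hook_defaults_to_drop() {
    grep -Eq "hook $1 priority [^;]*; *policy drop;"
}
```

After loading, `nft list ruleset | hook_defaults_to_drop output` confirms that outbound traffic is denied by default; an inbound-only configuration fails that check.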
