Re: To disable the internet and allow only SSH connection to this server running Red Hat Enterprise Linux release 8.9 (Ootpa)

On Thu, 9 May 2024, 05:27 Rajiv Baxi, <rajiv.baxi@xxxxxxxxxxx> wrote:
You don't want to block DNS lookups and outbound ping. Also, NTP is pretty important as well and I would add a rule to allow outbound NTP traffic.

So, you could deny everything except for inbound SSH and outbound DNS, ping, and NTP.

Thanks,

Rajiv Baxi


Thanks Rajiv for the detailed description.
Is there any example you can share with us so we can understand it better?

Thanks in advance.

Best Regards,

Kaushal 



On Fri, Mar 8, 2024 at 4:17 AM Kaushal Shriyan <kaushalshriyan@xxxxxxxxx> wrote:
Hi,

I am running Red Hat Enterprise Linux release 8.9 (Ootpa). Is there a way to disable the internet and allow only SSH connection to this server? I have followed the below steps to disable internet access and allow only SSH connections to the remote server.

#systemctl stop NetworkManager
#systemctl disable NetworkManager

#vim /etc/sysconfig/network-scripts/ifcfg-enp1s0

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=enp1s0
UUID=86cea6e1-ec03-49e7-9d6d-1d1b9d094cdc
DEVICE=enp1s0
ONBOOT=yes
IPADDR=192.168.0.114
PREFIX=24
GATEWAY=192.168.0.10
DNS1=8.8.8.8
DNS2=8.8.4.4
ZONE=drop

# systemctl restart network
Failed to restart network.service: Unit network.service not found.
#

#firewall-cmd --permanent --zone=public --add-service=ssh
#firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
#firewall-cmd --reload

#vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

#sysctl -p

ssh root@192.168.0.114

ping google.com


I am still able to reach out to google.com

# ping google.com
PING google.com (142.250.193.142) 56(84) bytes of data.
64 bytes from maa05s25-in-f14.1e100.net (142.250.193.142): icmp_seq=1 ttl=57 time=10.5 ms
64 bytes from maa05s25-in-f14.1e100.net (142.250.193.142): icmp_seq=2 ttl=57 time=10.1 ms
64 bytes from maa05s25-in-f14.1e100.net (142.250.193.142): icmp_seq=3 ttl=57 time=10.7 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.147/10.452/10.701/0.258 ms

Please guide me. Thanks in advance. 

Best Regards,

Kaushal
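
The policy described in the reply above (deny everything except inbound SSH and outbound DNS, ping and NTP), written as an nftables ruleset. This is an added example, not part of any message in the thread; firewalld zones such as `public` filter only incoming traffic, so the outbound side is handled here by an output chain with a drop policy. The table name `lockdown`, the function names and the file name `lockdown.sh` are assumptions, and the resolver addresses are the DNS1/DNS2 values from the posted ifcfg file.

```shell
#!/bin/sh
# Added example: default-deny nftables ruleset for the host in the thread.
# Assumed names: table "lockdown", lockdown_ruleset, apply_lockdown.
SSH_PORT=22
DNS_SERVERS="8.8.8.8, 8.8.4.4"   # DNS1/DNS2 from the posted ifcfg file

# Print the ruleset; this function changes nothing on the host.
lockdown_ruleset() {
    cat <<EOF
table inet lockdown
delete table inet lockdown
table inet lockdown {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        tcp dport ${SSH_PORT} ct state new accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        ip daddr { ${DNS_SERVERS} } udp dport 53 accept
        ip daddr { ${DNS_SERVERS} } tcp dport 53 accept
        udp dport 123 accept
        icmp type echo-request accept
    }
}
EOF
}

# Syntax-check the ruleset with "nft -c", then load it (needs root).
apply_lockdown() {
    rules=$(mktemp) || return 1
    lockdown_ruleset > "$rules"
    nft -c -f "$rules" && nft -f "$rules"
    status=$?
    rm -f "$rules"
    return "$status"
}

# "sh lockdown.sh apply" loads the rules; with no argument it only prints.
case "${1:-}" in
    apply) apply_lockdown ;;
    *)     lockdown_ruleset ;;
esac
```

With this table loaded, `ping google.com` still resolves and gets replies because DNS and ICMP echo are allowed outbound, while a web request such as `curl https://google.com` times out. The `inet` table also drops all IPv6, which matches the post's choice to disable IPv6.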
