
Re: IPTables, IRC, and SSH



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Troy" == Troy Telford <troyt@myrealbox.com> writes:

    Troy>   I have every ruleset for my firewall set how I want it... except
    Troy> for IRC and ssh...

    [cut IRC part, cuz I don't use IRC so I wouldn't know]

    Troy> Second - SSH - I would like iptables to accept incoming connections
    Troy> to OpenSSH, but from a specific domain (myschool.edu).  However, I
    Troy> don't know the IP range for the domain, nor do I know how to set
    Troy> IPtables to allow connections from only that domain.  For that
    Troy> matter, I have only been able to have incoming SSH connections when
    Troy> iptables allows ALL incoming connections.  So what commands do I need
    Troy> to use for SSH?  (Again, with state tracking would be preferred).

Pick a machine in the domain and find out its IP address (nslookup).  Then run

  whois -h whois.arin.net [IP address]

In the output, look for the line that says "Netblock:".  It will give a range
of addresses.  Pretend that it says 127.0.0.0 - 127.0.255.255.  Then add rules
that go something like this:

/usr/sbin/iptables -N ssh_in
# Match on the source address (-s): the rule is about where the
# connection comes from, not where it is going.
/usr/sbin/iptables -A ssh_in -s 127.0.0.0/16 -j ACCEPT
/usr/sbin/iptables -A ssh_in -j REJECT

# Hand every incoming SSH packet to the ssh_in chain.
/usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ssh_in

(of course, put it in whatever style you like for the chains, and you can use
DROP instead of REJECT)

The "/16" means that the first 16 bits (i.e. 2 bytes) of the address are the
ones that matter.  You'll have to change that to fit whatever you find out from
whois, but if it's an .edu, it'll probably be 16.

HTH

Hubert

- -- 
____     |     -----------------------------------------------------------
|  /   --+--
| /   ___|___    Hubert Chan <hackerhue@crosswinds.net>
| \   | _|_ |
|__|  |__|__|    GCS/M d- s:- a-- C++ UL+(++++) P++ L++ E++ W++ N++ o?
|        |       K? w--- O++ M- V- PS-- PE+++ Y+ PGP+ t+ 5 X R- tv+ b+
|      / | \     DI++++ D G e++ h! !r !y
|     /  |  \
|        |     <><------------------ http://www.crosswinds.net/~hackerhue/

PGP/GnuPG fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key can be found at http://www.crosswinds.net/~hackerhue/hackerhue.asc
Please encrypt all mail to me if possible.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>

iD8DBQE6fLReZRhU33H9o38RAoW6AJ4yz2yGxwvB0DEnIwRHF4yEfQ21xwCfcvJn
v6SeES8Cskdw4B6n7CoW9A4=
=voqO
-----END PGP SIGNATURE-----
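The step the message leaves to the reader is turning the "Netblock:" range that whois prints into the prefix length for the `-s` rule, and a whois range is not always a single aligned block. The script below is an added example, not code from Hubert's message: it converts a whois-style range into the minimal list of CIDR blocks, generates the corresponding iptables commands (one ACCEPT per block, then the REJECT/DROP), and adds the state tracking the question asked for using the `conntrack` match. The function names and the 127.0.0.0 range are constructed for illustration; the script only prints the commands, it does not run them.

```python
"""Turn a whois "Netblock:" range into iptables source rules for SSH.

Added example, not part of the original message.  Function names and the
sample range are constructed for illustration.
"""
import ipaddress
from typing import List

IPTABLES = "/usr/sbin/iptables"   # path used in the original message


def range_to_cidrs(netblock: str) -> List[str]:
    """Convert a whois-style range "A - B" to the minimal list of CIDR blocks.

    Whois ranges are not always aligned to one prefix; in that case more
    than one block (and therefore more than one ACCEPT rule) is needed.
    """
    start, end = (part.strip() for part in netblock.split("-"))
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if last < first:
        raise ValueError(f"range end {end} precedes start {start}")
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def ssh_rules(netblock: str, chain: str = "ssh_in", policy: str = "REJECT") -> List[str]:
    """Build the iptables commands: a user chain that accepts new SSH
    connections only from the netblock and rejects everything else.

    State tracking uses the conntrack match, so packets of connections
    that are already tracked are accepted without a per-host rule.
    """
    if policy not in ("REJECT", "DROP"):
        raise ValueError("terminal target must be REJECT or DROP")
    rules = [
        # Accept packets belonging to connections that are already tracked.
        f"{IPTABLES} -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"{IPTABLES} -N {chain}",
    ]
    for cidr in range_to_cidrs(netblock):
        # -s matches the SOURCE address: where the connection comes from.
        rules.append(f"{IPTABLES} -A {chain} -s {cidr} -j ACCEPT")
    rules.append(f"{IPTABLES} -A {chain} -j {policy}")
    # Only NEW connection attempts to port 22 are sent through the chain.
    rules.append(
        f"{IPTABLES} -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j {chain}"
    )
    return rules


def allowed(netblock: str, client_ip: str) -> bool:
    """Check whether a client address would hit one of the ACCEPT rules."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c) for c in range_to_cidrs(netblock))


if __name__ == "__main__":
    # Constructed sample range, the same stand-in the message uses.
    sample = "127.0.0.0 - 127.0.255.255"
    for line in ssh_rules(sample):
        print(line)
```

Feed it the exact range whois prints; a range such as 10.0.0.0 - 10.0.2.255 comes back as two blocks (/23 and /24), which is why the script emits one ACCEPT rule per block instead of guessing a single prefix length.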
