Re: question about SSH / IPTABLES
On Thu Jan 23 2003 at 12:24:49PM +0100 'Iñaki Martínez' <debian@euskal-linux.org> wrote:
> I have a server on the internet and I want several clients to access it via
> SSH, but I DON'T want them to be able to use SSH from that server.
>
> So a client can access the server via SSH, but s/he CAN NOT ssh to other
> servers from my server...

If you want to use iptables then allow incoming ssh requests from the
relevant hosts and disallow outgoing ssh requests from the server:

    iptables -A INPUT -j ACCEPT -p tcp -s <client_ip/mask> --destination-port 22
    iptables -A INPUT -j REJECT -p tcp --destination-port 22
    iptables -A OUTPUT -j REJECT -p tcp --destination-port 22

This all also depends on the other rules in your ruleset (you may need to
use I instead of A). This also stops everyone on your server from
connecting to another server via ssh (which may not be what you had in
mind).
Ciao
Charl
__________________________________________________________________________
[ Charl Matthee ] [ +27-11-721-3800 ]
[ Systems Manager ] [ +27-11-405-6508 ]
__________________________________________________________________________
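
The reply's caveat about using I instead of A, shown as an added example that is not part of the original message: the script prints the same three rules with -I and explicit positions, so they are evaluated ahead of whatever is already in the chains, and it validates every client address before printing anything. The function names valid_cidr and emit_rules are hypothetical, and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the reply's rules using
# -I with explicit positions; nothing is executed by this script.

# valid_cidr ADDR: accept a.b.c.d or a.b.c.d/len (octets 0-255, len 0-32).
valid_cidr() {
    case "$1" in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr        # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules CLIENT...: print the iptables commands in evaluation order.
# All clients are validated first, so a bad address never yields a partial
# ruleset (for example the REJECT without the ACCEPT rules before it).
emit_rules() {
    [ "$#" -gt 0 ] || { echo "usage: emit_rules <client_ip/mask>..." >&2; return 2; }
    for client in "$@"; do
        valid_cidr "$client" || { echo "bad client: $client" >&2; return 1; }
    done
    pos=1
    for client in "$@"; do
        # One ACCEPT per allowed client, at positions 1..N of INPUT.
        echo "iptables -I INPUT $pos -j ACCEPT -p tcp -s $client --destination-port 22"
        pos=$((pos + 1))
    done
    # The catch-all REJECT goes directly after the last ACCEPT.
    echo "iptables -I INPUT $pos -j REJECT -p tcp --destination-port 22"
    # Outbound ssh is rejected for every local user, as the reply notes.
    echo "iptables -I OUTPUT 1 -j REJECT -p tcp --destination-port 22"
}

# Constructed sample input (RFC 5737 documentation addresses).
emit_rules 192.0.2.0/24 198.51.100.7
```

Compare the printed commands with the output of `iptables -L -n --line-numbers` before applying them, since position 1 is relative to the rules already loaded.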