Re: ipchains and ssh
On Sun, Sep 02, 2001 at 10:10:25AM -0700, Mike Egglestone wrote:
| Hi all,
|
| What would be a good ipchains command to block all tcp traffic
| to and from a box except "ssh"?
| I have a box that will only be running rsync thru ssh.
|
| This is what I tried, but I don't think it worked.
|
| ipchains -I input -p tcp -s 0/0 -d 0/0 ! ssh -j DENY

What you need to do is specify the port to allow, somehow. ssh uses
port 22 unless you do something strange to make it use a different
port.

With iptables I use the command:

    iptables -A INPUT -p tcp --dport ssh -j ACCEPT

This says that in the input chain, for tcp packets, if the port number
matches ssh in /etc/services then accept the packet regardless of IP
addresses. Hopefully this will give you a pointer towards the
necessary ipchains options. You may need to specify an integer rather
than a name defined in /etc/services for ipchains, I don't know for
sure.

-D
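
Added example, not part of the original message: a shell sketch that resolves a service name to its numeric TCP port the way /etc/services maps it, then prints (without applying) an ordered iptables rule pair that accepts that port and drops all other inbound TCP. The names `tcp_port`, `ssh_only_rules` and `SERVICES_SAMPLE` are hypothetical, the services excerpt is constructed, and the rules assume the box is the ssh server.

```shell
#!/bin/sh
# Constructed excerpt in /etc/services format; on a real system read /etc/services.
SERVICES_SAMPLE='# name  port/proto  aliases
ftp     21/tcp
ssh     22/tcp
ssh     22/udp
smtp    25/tcp   mail
rsync   873/tcp'

# tcp_port NAME: print the TCP port for a service name or alias.
# A purely numeric argument is passed through unchanged.
tcp_port() {
    case "$1" in
        ''|*[!0-9]*) ;;                  # empty or non-numeric: look it up
        *) echo "$1"; return 0 ;;
    esac
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v want="$1" '
        { sub(/#.*/, "") }               # strip comments
        NF < 2 { next }                  # skip blank or malformed lines
        {
            split($2, pp, "/")
            if (pp[2] != "tcp") next     # only TCP entries count here
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue     # field 2 is port/proto, not a name
                if ($i == want) { print pp[1]; found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }'
}

# ssh_only_rules [SERVICE]: print the rule pair in the order it must be added.
# -A appends, so the ACCEPT is evaluated before the catch-all DROP.
ssh_only_rules() {
    port=$(tcp_port "${1:-ssh}") || { echo "unknown service: $1" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -p tcp --dport $port -j ACCEPT
iptables -A INPUT -p tcp -j DROP
EOF
}

ssh_only_rules ssh
```

Review the printed rules before running them as root; adding the DROP first, or inserting it at the head of the chain with -I, would block ssh as well.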