iptables

[vakou]

hi
i want to know how i can disable the port 22 through ip tables not to accept connections

i try edit the iptables-config but finally i didnt make it

anyidea please

thanks

[vakou]

well what happend no one can help me

[Northern]

Try this

iptables -A INPUT -p tcp -s ! 127.0.0.1 --dport ssh -j DROP

This can be refined but it will work.

[vakou]

well in the iptables-config if i add only this rule not working

why

any idea please

[Northern]

Do 'iptables -F' to flush your current rules.

Then type in the command above.

Then do 'iptables-save > /etc/sysconfig/iptables'

Then do 'service iptables restart'

As long as your not using firestarter then the /etc/sysconfig/iptables script is what iptables reads at boot to set you iptables rules.

Then try to ssh onto your box from another.

You can view the current iptables rules with 'iptables -L'

Note, if you have any fancy iptables rules running this will remove them. You may want to do 'iptables-save > ~/iptables.orig' before you do anything.

Also, the /etc/init.d/iptables script is crap. You might want to edit this. For example I commented out lines 129 to 142 otherwise I'd always have a NAT chain, which I didnt want.

Hope that helps.

[w0nders]

this semple blocked SSH(22port)
iptables -N SSH
iptables -A INPUT -p tcp --dport 22 -j SSH
iptables -A SSH -p tcp -d <YOUR_IP> --dport 22 -s <SOURCE_IP>-j ACCEPT
iptables -A SSH -p tcp -d <YOUR_IP> --dport 22 -j REJECT --reject-with tcp-reset

[GrahamB]

Quote:

Originally Posted by vakou

hi
i want to know how i can disable the port 22 through ip tables not to accept connections
i try edit the iptables-config but finally i didnt make it
anyidea please

thanks

Hi Vokou!

Try this thread: http://www.fedoraforum.org/forum/sho...265#post225265

The idea is that Firestarter is so easy to use. So quick. Very user friendly. You don't have to struggle with complex code.

Have fun.