Is there a way to deny all external traffic (WAN) to SSH and allow only local traffic (192.168.0.1 to 192.168.0.255), and what would be the rule?
You should post your solution as an answer then accept it. – user9517 Dec 31 '10 at 20:16
1 Answer
iptables -A INPUT -p tcp -m state --state NEW --source 192.168.0.1/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

– DesMoines
I'm assuming you have a rule up the INPUT chain that accepts ESTABLISHED traffic already. That would be crucial. Just FYI for anyone else attempting to use this answer. – Belmin Fernandez Dec 31 '10 at 22:33

@Nimmy Lebby: That may be a questionable assumption, considering the answer also includes a `--source` with a malformed network range. I believe `iptables` will interpret it as `192.168.0.0/24`, which, fortunately, seems to be the desired range. IMO, this question and answer seem to have garnered more than a few egg-nog inspired upvotes. – Steven Monday Jan 01 '11 at 01:43
I was going to comment on the network address as well but I have tested it and, yes, your belief on the iptables interpretation is correct. And I wish I had some eggnog myself. – Belmin Fernandez Jan 01 '11 at 01:46
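A dry-run version of the answer's rule set, as an added example that is not from the original answer: it puts the ESTABLISHED rule first, as the comments say is needed, and normalises the `--source` range the way the comments say iptables does (192.168.0.1/24 becomes 192.168.0.0/24) so you can see exactly which rules will be applied. The function names and the APPLY variable are my own choices, not part of the original post.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Prints the INPUT-chain rules for "SSH from the LAN only"; set APPLY=1 to run them (root needed).

# cidr_canon ADDR[/PREFIX]: print the network address iptables would actually use,
# e.g. 192.168.0.1/24 -> 192.168.0.0/24. A bare address gets /32.
cidr_canon() {
    addr=${1%/*}; prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32
    case "$prefix" in ''|*[!0-9]*) echo "bad prefix in $1" >&2; return 1;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix in $1" >&2; return 1; }
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address in $addr" >&2; return 1; }
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( prefix == 0 ? 0 : (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# ssh_lan_rules LAN_RANGE [PORT]: emit the rules in evaluation order.
# The ESTABLISHED,RELATED rule must come first so replies to existing sessions
# are not swallowed by the final DROP, which is the assumption the comments flag.
ssh_lan_rules() {
    lan=$(cidr_canon "$1") || return 1
    port=${2:-22}
    printf '%s\n' \
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -A INPUT -p tcp -m state --state NEW --source $lan --dport $port -j ACCEPT" \
        "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# apply_rules LAN_RANGE [PORT]: dry run by default (prints); APPLY=1 executes each rule.
apply_rules() {
    ssh_lan_rules "$@" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done
}
# Usage: apply_rules 192.168.0.1/24        (prints the canonicalised rules)
#        APPLY=1 apply_rules 192.168.0.1/24 (applies them)
```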