Hi,
I want to restrict SSH so that it's only accessible via the machines I own on this network. Obviously I need to secure user authentication/host authentication; that aside, though, is the following sufficient at a network level, given that technical users also use this network? IP addresses are static, though I know they could be spoofed.
Code:
Chain INPUT (policy DROP)
target prot opt source destination
existing-connections all -- anywhere anywhere
allowed all -- anywhere anywhere
LOGNDROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain LOGNDROP (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 5/min burst 5 LOG level notice prefix `IPTABLES Denied TCP: '
LOG udp -- anywhere anywhere limit: avg 5/min burst 5 LOG level notice prefix `IPTABLES Denied UDP: '
LOG icmp -- anywhere anywhere limit: avg 5/min burst 5 LOG level notice prefix `IPTABLES Denied ICMP: '
Chain allowed (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.60.3 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.60.4 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.60.5 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.60.6 anywhere tcp dpt:ssh
Chain existing-connections (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
and
Code:
# /etc/hosts.allow: list of hosts that are allowed to access
sshd: 192.168.60.2
sshd: 192.168.60.3
sshd: 192.168.60.4
sshd: 192.168.60.5
sshd: 192.168.60.6
and
Code:
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system
sshd: ALL
Thanks
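A checker for the two layers shown in the post, added here as an example (it is not the poster's code, and the rule names and addresses are copied from the listing above rather than taken from a live host). It parses the plain `iptables -L` output, flags any ACCEPT rule that carries no protocol, address or extension match, and compares the sshd client list in hosts.allow with the sources the `allowed` chain lets reach tcp/ssh. On the quoted input it reports the first rule of `existing-connections` (an ACCEPT with nothing visible to restrict it; plain `iptables -L` hides interface matches such as `-i lo`, so it has to be confirmed with `iptables -L -v -n` or `iptables-save`) and 192.168.60.2, which is in hosts.allow but not in the firewall's `allowed` chain.

```python
"""Lint a plain `iptables -L` listing against TCP-wrapper access files."""
import re
from typing import Dict, List, NamedTuple, Set

# Constructed input: the three listings quoted in the post above.
IPTABLES_LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
existing-connections all -- anywhere anywhere
allowed all -- anywhere anywhere
LOGNDROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain LOGNDROP (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 5/min burst 5 LOG level notice prefix `IPTABLES Denied TCP: '
LOG udp -- anywhere anywhere limit: avg 5/min burst 5 LOG level notice prefix `IPTABLES Denied UDP: '
LOG icmp -- anywhere anywhere limit: avg 5/min burst 5 LOG level notice prefix `IPTABLES Denied ICMP: '
Chain allowed (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.60.3 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.60.4 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.60.5 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.60.6 anywhere tcp dpt:ssh
Chain existing-connections (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED
"""
HOSTS_ALLOW = """\
# /etc/hosts.allow: list of hosts that are allowed to access
sshd: 192.168.60.2
sshd: 192.168.60.3
sshd: 192.168.60.4
sshd: 192.168.60.5
sshd: 192.168.60.6
"""
HOSTS_DENY = "# /etc/hosts.deny: list of hosts that are _not_ allowed\nsshd: ALL\n"


class Rule(NamedTuple):
    chain: str
    target: str
    prot: str
    source: str
    dest: str
    extra: str  # text after the five fixed columns; "" when absent


def parse_iptables_listing(text: str) -> Dict[str, List[Rule]]:
    """Split `iptables -L` output into chains; rules keep their listing order."""
    chains: Dict[str, List[Rule]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("target prot opt"):
            continue  # blank line or column header
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if current is None:
            raise ValueError(f"rule before any chain header: {line!r}")
        parts = line.split(None, 5)
        if len(parts) < 5:
            raise ValueError(f"unparseable rule: {line!r}")
        target, prot, _opt, src, dst = parts[:5]
        extra = parts[5] if len(parts) == 6 else ""
        chains[current].append(Rule(current, target, prot, src, dst, extra))
    return chains


def unconditional_accepts(chains: Dict[str, List[Rule]]) -> List[Rule]:
    """ACCEPT rules with no protocol, address or extension match at all.

    Plain `iptables -L` hides interface matches (`-i lo`), so such a rule may
    be harmless; confirm with `iptables -L -v -n` before calling it a hole."""
    return [r for rules in chains.values() for r in rules
            if r.target == "ACCEPT" and r.prot == "all"
            and r.source == "anywhere" and r.dest == "anywhere" and not r.extra]


def ssh_accept_sources(chains: Dict[str, List[Rule]]) -> Set[str]:
    """Source addresses the firewall lets reach tcp/ssh."""
    return {r.source for rules in chains.values() for r in rules
            if r.target == "ACCEPT" and r.prot == "tcp" and "dpt:ssh" in r.extra}


def parse_hosts_access(text: str) -> Dict[str, Set[str]]:
    """Parse hosts.allow/hosts.deny lines: `daemon_list : client_list [: ...]`."""
    table: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")  # drop comments, split fields
        if len(fields) < 2:
            continue
        clients = {c for c in re.split(r"[,\s]+", fields[1].strip()) if c}
        for daemon in re.split(r"[,\s]+", fields[0].strip()):
            if daemon:
                table.setdefault(daemon, set()).update(clients)
    return table


def wrapper_firewall_mismatch(chains: Dict[str, List[Rule]],
                              hosts_allow: Dict[str, Set[str]]) -> Set[str]:
    """Hosts that appear in exactly one of the two sshd allow lists."""
    return hosts_allow.get("sshd", set()) ^ ssh_accept_sources(chains)


if __name__ == "__main__":
    chains = parse_iptables_listing(IPTABLES_LISTING)
    for r in unconditional_accepts(chains):
        print(f"{r.chain}: unconditional ACCEPT, check for a hidden interface match")
    if "ALL" not in parse_hosts_access(HOSTS_DENY).get("sshd", set()):
        print("hosts.deny does not contain 'sshd: ALL'")
    for host in sorted(wrapper_firewall_mismatch(chains, parse_hosts_access(HOSTS_ALLOW))):
        print(f"{host}: present in only one of hosts.allow / iptables allowed chain")
```

Run it with `python3` and feed it a real listing by pasting `iptables -L` output into `IPTABLES_LISTING` (`-n` avoids the reverse DNS lookups that turn addresses into names). Two caveats the check cannot make for you: hosts.allow only applies if sshd is linked against libwrap, which upstream OpenSSH dropped in 6.7, so on a newer system the wrapper layer may be doing nothing; and a spoofed source address alone does not complete a TCP handshake to sshd, but a host on the same LAN can take over 192.168.60.x by ARP spoofing, which is why the poster's point about still needing strong host and user authentication matters.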