

Verify: Keepalived IP Failover Working Or Not With tcpdump Command

I've installed keepalived IP failover software as described here. But how do I verify it is working or not?

Iptables: Unblock / Delete an IP Address Listed in IPtables Tables

I am a brand new user of Linux iptables and I can't find how to instruct iptables to delete or unblock an IP address listed in the iptables firewall. I'm using Debian Linux. Can you help please?

Linux / FreeBSD: Multiple IP Addresses on One Interface

Q. Can one Linux / BSD system respond to multiple IP addresses on a single Ethernet interface? I need to run multiple web sites and mod_ssl with a single server. How do I configure my box for multiple IP addresses?

How To Run Linux Web Server / Service on Private IP Network

Q. I've only one public IP address assigned by my ISP using a metro Ethernet connection. eth0 has the public IP and eth1 is connected to our network switch. How do I configure my Linux box to forward traffic to my web server hosted at IP address?

Restrict SSH Access Using tcpd (TCPWrapper) on Linux or Unix

How do I use tcpd on Linux to restrict ssh access?

Restrict ssh access using Iptable

Q. How do I stop or restrict access to my OpenSSH (SSHD) server using Linux iptables based firewall?

A. The Linux iptables firewall can be used to block or restrict access to an ssh server. The iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Alternatively, you can use tcpd, the access control facility for internet services.

Use iptables to Restrict ssh access

The following is a simple rule that blocks all incoming ssh access on port 22. The server address is missing from this copy of the post, so it appears below as the placeholder variable $SERVER_IP, which you set to your ssh server's address:
SERVER_IP="your.ssh.server.address"   # placeholder: set to the ssh server's IP
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d "$SERVER_IP" --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However, in real life you need something like the following. Let us assume that your ssh server IP address is, and remember that the ssh server uses TCP port 22 for all incoming connections. With iptables you can block all incoming connections on port 22 with the following two rules (one for the inbound half of the connection and one for the server's replies):

# $SERVER_IP is a placeholder for the ssh server's address, which is missing from this copy of the post
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d "$SERVER_IP" --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s "$SERVER_IP" --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to a group of IP addresses (held in the shell variable $IPS, one address per word), then you need to add the following loop to your script. Note that iptables accepts only one -s match per rule, so the loop matches on $i alone rather than on 0/0 as well:
# IPS: space-separated list of client addresses to block, e.g. IPS="addr1 addr2"
# SERVER_IP: placeholder for the ssh server's address, missing from this copy of the post
for i in $IPS
do
  iptables -A INPUT -p tcp -s "$i" --sport 513:65535 -d "$SERVER_IP" --dport 22 -m state --state NEW,ESTABLISHED -j DROP
  iptables -A OUTPUT -p tcp -s "$SERVER_IP" --sport 22 -d "$i" --dport 513:65535 -m state --state ESTABLISHED -j DROP
done

Add all of the above rules to your iptables firewall shell script (do not type them at the shell prompt).
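The blocklist loop above, packaged as a reusable script function with input checking and a dry-run mode. This is an added example, not code from the original post: the function name ssh_block_rules, the IPT variable and the sample addresses (RFC 5737 documentation ranges) are assumptions of this example.

```shell
#!/bin/sh
# IPT defaults to "echo" so the generated rules are only printed.
# Set IPT=iptables (and run as root) to apply them for real.
IPT="${IPT:-echo}"

# Accept only a dotted-quad IPv4 address with an optional /prefix, so a typo
# in the address list cannot turn into a malformed or over-broad rule.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# ssh_block_rules SERVER_IP "client1 client2 ..."
# Emits one INPUT and one OUTPUT DROP rule per blocked client, in the same
# shape as the rules in the post. Returns 1 if any address fails validation.
ssh_block_rules() {
    server="$1"
    list="$2"
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    for i in $list; do
        valid_ipv4 "$i" || { echo "bad client address: $i" >&2; return 1; }
        # Drop new and established client->server traffic to port 22
        $IPT -A INPUT -p tcp -s "$i" --sport 513:65535 -d "$server" --dport 22 \
            -m state --state NEW,ESTABLISHED -j DROP
        # Drop the server's replies from port 22 back to that client
        $IPT -A OUTPUT -p tcp -s "$server" --sport 22 -d "$i" --dport 513:65535 \
            -m state --state ESTABLISHED -j DROP
    done
}

# Dry run with constructed sample addresses (documentation ranges, not real hosts)
ssh_block_rules 192.0.2.10 "198.51.100.7 203.0.113.0/24"
```

Because the post appends with -A and iptables stops at the first matching rule, these DROP rules must come before any ACCEPT rule for port 22 in the INPUT chain, or they will never match.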

See also: