View Full Version : Secure sshd
icesoul
02-21-2014, 03:59 AM
How do I secure ssh? In the firewall rules settings I added a rule to Deny for all IPs, but I do not know what to write in the field 'Denied IP addresses'.
Hello,
You need to put the IP addresses that are to be denied in the field "Denied IP addresses". In the field "Any Source address" you need to set the allowed network.
icesoul
02-22-2014, 10:36 AM
How to deny all IPs and allow just 1?
What to write in the 'Denied IP addresses' field to deny all IPs?
How to deny all IPs and allow just 1?
In this case ISPmanager's Firewall settings should be:
Action - Deny
Protocol - Any
IP address - 1 address that needs to be blocked.
icesoul
03-16-2014, 07:55 AM
In this case ISPmanager's Firewall settings should be:
Action - Deny
Protocol - Any
IP address - 1 address that needs to be blocked.
But how to block all? Not just 1 IP.
Sorry, correct variant:
Action: Allow for
Protocol: Any
Source address (network): 0.0.0.0/0
Allowed IP addresses: allowed ip address
icesoul
04-09-2014, 04:50 PM
I think this firewall is not working.
After this setting anyone can connect on ssh.
icesoul
04-10-2014, 11:14 AM
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ispmgr_allow_ip (0 references)
target prot opt source destination
Chain ispmgr_allow_sub (0 references)
target prot opt source destination
Chain ispmgr_deny_ip (0 references)
target prot opt source destination
Chain ispmgr_deny_sub (0 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:ssh
There are no references to ISPmanager's chains. Probably you executed iptables -F, which is the reason for the problem.
ISPmanager's chains need to be included in the INPUT chain to solve the problem.
icesoul
04-15-2014, 02:20 PM
I have deleted all the rules and added others, the same. The firewall doesn't work, anyone can connect.
root@isp:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ispmgr_allow_ip (0 references)
target prot opt source destination
ACCEPT tcp -- 089-101-202134.ntlworld.ie anywhere tcp dpt:ssh
Chain ispmgr_allow_sub (0 references)
target prot opt source destination
Chain ispmgr_deny_ip (0 references)
target prot opt source destination
Chain ispmgr_deny_sub (0 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:ssh
root@isp:~#
Still no references.
You should execute the commands for adding the ispmgr chains to INPUT:
iptables -I INPUT 1 -j ispmgr_deny_ip
iptables -I INPUT 2 -j ispmgr_allow_ip
iptables -I INPUT 3 -j ispmgr_allow_sub
iptables -I INPUT 4 -j ispmgr_deny_sub
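A quick check for the condition diagnosed in this thread (rules sitting in chains marked "0 references", which INPUT never jumps to and which are therefore never evaluated), as an added example that is not part of the original posts or ISPmanager's own code. The function names `dead_chains` and `sample_listing` and the sample listing itself (with a documentation-range source address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report user-defined chains that hold rules but have
# "0 references", i.e. nothing jumps to them and their rules never run.

# Reads `iptables -L -n` output on stdin.
# Prints "<chain> <rule count>" for every unreferenced chain that has rules.
dead_chains() {
    awk '
        function report() {
            if (chain != "" && refs == 0 && rules > 0) print chain, rules
        }
        /^Chain / {
            report()
            chain = $2; rules = 0
            # Built-in chains show "(policy X)"; user chains "(N references)".
            refs = ($3 == "(policy") ? -1 : substr($3, 2) + 0
            next
        }
        /^target/ || /^[ \t]*$/ { next }   # column header or blank line
        { rules++ }                        # anything else is a rule
        END { report() }
    '
}

# Constructed sample, modelled on the second listing in the thread.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain ispmgr_allow_ip (0 references)
target     prot opt source               destination
ACCEPT     tcp  --  203.0.113.10         anywhere             tcp dpt:ssh

Chain ispmgr_allow_sub (0 references)
target     prot opt source               destination

Chain ispmgr_deny_sub (0 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh
EOF
}

sample_listing | dead_chains
```

On a live host, pipe `iptables -L -n` into `dead_chains`; once the chains are jumped to from INPUT, the listing shows a nonzero reference count and the function prints nothing.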