SSH
diman55, 2017-07-28 04:33:21

Why don't iptables settings work?

Hello everyone, I wanted to deny SSH access to everyone except my IP. I found information on the Internet that this can be done through iptables, and here are the rules:
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s YOU IP (yes, here I wrote my ip) -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
I have iptables-persistent, and in my configs it looks like I did everything correctly. At least when restarting the iptables-persistent service there was no [fail], but I still stayed in the terminal (in place of YOU IP I entered the IP of my second VDS to check whether it would kick me out of the terminal). I also tried entering these commands directly into the terminal; there were no errors and I was still in the console.
Knowledgeable people, please help. I need to deny access to everyone except 2-3 IPs.


2 answer(s)
CityCat4, 2017-07-28

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Take the iptables docs and translate what you wrote into Russian:
If the destination port is 22, then accept the packet. Period. There is no condition at all that restricts access.
You can do it, for example, like this (first you need to install ipset, if it is not installed, and create a set called setname that lists the required IPs, for example like this:
create setname hash:ip family inet hashsize 1024 maxelem 65536 
add setname 1.2.3.4
add setname 1.3.4.5
)
-A INPUT -p tcp --dport 22 -m set --match-set setname src -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP

krosh, 2017-07-28

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s IP_ADDR -j ACCEPT
... additional rules
iptables -P INPUT DROP
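Both answers come down to the same two points: iptables stops at the first matching rule, and an allow-list only means something when there is a deny after it (a DROP rule or a DROP default policy). The following is an added example, not code from either answerer: a tiny first-match simulator of the INPUT chain that evaluates the asker's three rules and the corrected set from krosh's answer against constructed packets. The admin and stranger addresses are made-up sample values.

```python
# Added example: a minimal first-match simulator for an iptables INPUT chain,
# modelling only the match fields this thread uses (protocol, destination port,
# source address, conntrack state). IP addresses are constructed samples.
from ipaddress import ip_address, ip_network

def match(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    return True

def verdict(chain, policy, pkt):
    """First matching rule wins; with no match the chain's default policy applies."""
    for rule in chain:
        if match(rule, pkt):
            return rule["target"]
    return policy

ADMIN = "203.0.113.10"  # constructed stand-in for the asker's own IP

# The asker's chain as loaded: -I put the state rule first, then the two -A rules.
# The dport-only ACCEPT precedes the -s rule, so the source check never runs.
ASKERS_CHAIN = [
    {"state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "src": ADMIN, "target": "ACCEPT"},
]

# Corrected chain following krosh's answer: established traffic first, NEW SSH
# only from the admin address, everything else left to the DROP policy.
FIXED_CHAIN = [
    {"state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "src": ADMIN, "state": {"NEW"}, "target": "ACCEPT"},
]

def ssh_from(src, state="NEW"):
    """Build a packet dict for an SSH connection attempt from the given address."""
    return {"proto": "tcp", "dport": 22, "src": src, "state": state}

if __name__ == "__main__":
    stranger = ssh_from("198.51.100.7")
    print("asker's rules, stranger:", verdict(ASKERS_CHAIN, "ACCEPT", stranger))  # ACCEPT
    print("fixed rules, stranger:  ", verdict(FIXED_CHAIN, "DROP", stranger))     # DROP
    print("fixed rules, admin:     ", verdict(FIXED_CHAIN, "DROP", ssh_from(ADMIN)))  # ACCEPT
```

Running the fixed chain with the policy still at ACCEPT shows the second half of the lesson: the source-restricted ACCEPT changes nothing on its own, because an unmatched packet simply falls through to the default.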
