Very Computer

by Ma » Thu, 29 Jul 2004 12:46:58

Hi all,

I would like to configure iptables to drop all SSH connections. I have
the following rules set up:

Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp
spt:ssh
DROP udp -- anywhere anywhere udp
spt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

However, launching an SSH program on another computer and attempting
to connect lets me through.

Can someone tell me what I'm doing wrong?
Thanks in advance,
Max

by **Christoph Scheure** » Thu, 29 Jul 2004 15:22:13

On 27 Jul 2004 20:46:58 -0700

> Hi all,

> I would like to configure iptables to drop all SSH connections. I have
> the following rules set up:

> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> DROP tcp -- anywhere anywhere tcp
> spt:ssh
> DROP udp -- anywhere anywhere udp
> spt:ssh

> Chain FORWARD (policy ACCEPT)
> target prot opt source destination

> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination

> However, launching an SSH program on another computer and attempting
> to connect lets me through.

> Can someone tell me what I'm doing wrong?
> Thanks in advance,
> Max

you have to change --sport 22 to --dport 22

then it will work

Greets
Chris

Very Computer

Configuring IP Tables

Configuring IP Tables

Configuring IP Tables