[asterisk-biz] 87.230.80.186 - Trying to register

bruce bruce bruceb444 at gmail.com
Tue Jun 29 16:13:13 CDT 2010


Thanks for the amazing cronjob advice.

On Tue, Jun 29, 2010 at 4:26 PM, Steve Edwards <asterisk.org at sedwards.com> wrote:

> On Tue, 29 Jun 2010, bruce bruce wrote:
>
>  Thanks for that Steve. This works. However, what if I do this (would I
>> block myself from SSH 22):
>> --------------------------------------------------------------
>> sudo iptables\
>>                --append INPUT\
>>                --match tcp\
>>                --protocol tcp\
>>                --dport 22\
>>                --source 0.0.0.0\
>>                --jump ACCEPT
>> --------------------------------------------------------------
>> sudo iptables\
>>                --append INPUT\
>>                --source 87.230.90.0/24\
>>                --jump DROP
>>
>> --------------------------------------------------------------
>>
>> Will that block all other traffic to the server and only allow SSH 22? I
>> don't want to block myself out and it's very important because this is a
>> remote server. If you can confirm above then I can add the legit IPs one by
>> one after that I guess.
>>
>
> I'm not a fan of executing iptables from the command line, nor am I an
> iptables expert.
>
> A very simple /etc/sysconfig/iptables would look like:
>
> *filter
> :INPUT DROP [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
>
> # established connections
> --append INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
>
> # accept SSH from bruce bruce
> --append INPUT --match tcp --protocol tcp --dport 22 --source a.b.c.d
> --jump ACCEPT
>
> # log everything else
> --append INPUT --protocol all --jump LOG
>
> # drop everything else
> --append INPUT --protocol all --jump DROP
>
> COMMIT
>
> This should get you started.
>
> Any time you are fiddling with iptables, it would be prudent to add
> something like this to root's crontab:
>
> #       Min     hour    DOM     month   DOW     command
>        */05    *       *       *       *       /etc/init.d/iptables stop
>
> In case you "blow it," you can get back in within 5 minutes.
>
> --
> Thanks in advance,
> -------------------------------------------------------------------------
> Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
> Newline                                              Fax: +1-760-731-3000
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-biz
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-biz/attachments/20100629/06936de3/attachment.htm 
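The two INPUT rulesets in this thread, run through a small first-match model of iptables chain evaluation. This is an added example, not code from either poster. It assumes a hypothetical admin address 203.0.113.10 standing in for Steve's "a.b.c.d", and that bruce's command-line rules run on a chain whose policy is still the default ACCEPT (he sets none). The model only handles the matchers these rules use (source, protocol, dport, conntrack state), and LOG is treated as non-terminating, as it is in iptables.

```python
"""First-match model of an iptables INPUT chain, to check rulesets for lockout before loading them."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str
    proto: str = "tcp"
    dport: Optional[int] = None
    state: str = "NEW"  # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass
class Rule:
    target: str                        # ACCEPT, DROP or LOG
    source: Optional[str] = None       # host or CIDR; None matches any source
    proto: Optional[str] = None        # None matches any protocol ("--protocol all")
    dport: Optional[int] = None
    states: Optional[List[str]] = None  # "--match state --state ..."

    def matches(self, pkt: Packet) -> bool:
        if self.source is not None:
            # iptables treats a bare address such as 0.0.0.0 as a /32 host match, not "any"
            net = ipaddress.ip_network(self.source, strict=False)
            if ipaddress.ip_address(pkt.src) not in net:
                return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


def evaluate(rules: List[Rule], policy: str, pkt: Packet) -> str:
    """Walk the chain top to bottom; the first terminating match wins, else the chain policy."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.target == "LOG":
                continue  # LOG records the packet and falls through to the next rule
            return rule.target
    return policy


def admin_ssh_allowed(rules: List[Rule], policy: str, admin_ip: str) -> bool:
    """Lockout check: would a fresh SSH connection from the admin host be accepted?"""
    return evaluate(rules, policy, Packet(admin_ip, "tcp", 22, "NEW")) == "ACCEPT"


# Hypothetical admin host standing in for Steve's "a.b.c.d" (documentation range, assumption).
ADMIN_IP = "203.0.113.10"

# bruce's two command-line rules, on a chain whose policy was never changed from ACCEPT.
BRUCE_POLICY = "ACCEPT"
BRUCE_RULES = [
    Rule("ACCEPT", source="0.0.0.0", proto="tcp", dport=22),
    Rule("DROP", source="87.230.90.0/24"),
]

# Steve's /etc/sysconfig/iptables: policy DROP, established first, admin SSH, log, drop.
STEVE_POLICY = "DROP"
STEVE_RULES = [
    Rule("ACCEPT", states=["RELATED", "ESTABLISHED"]),
    Rule("ACCEPT", source=ADMIN_IP, proto="tcp", dport=22),
    Rule("LOG"),
    Rule("DROP"),
]

# Constructed sample traffic: the admin's SSH, a SIP REGISTER from the blocked /24,
# one from the subject-line IP (outside that /24), and a UDP reply to a connection we opened.
SAMPLE = {
    "admin_ssh": Packet(ADMIN_IP, "tcp", 22),
    "sip_from_blocked_net": Packet("87.230.90.7", "udp", 5060),
    "sip_from_subject_ip": Packet("87.230.80.186", "udp", 5060),
    "stranger_ssh": Packet("198.51.100.5", "tcp", 22),
    "dns_reply": Packet("198.51.100.53", "udp", 40000, "ESTABLISHED"),
}


def verdicts(rules: List[Rule], policy: str) -> dict:
    return {name: evaluate(rules, policy, pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for label, rules, policy in (("bruce", BRUCE_RULES, BRUCE_POLICY), ("steve", STEVE_RULES, STEVE_POLICY)):
        print(label, verdicts(rules, policy), "admin ssh ok:", admin_ssh_allowed(rules, policy, ADMIN_IP))
```

Two things the model makes visible. In bruce's ruleset the "--source 0.0.0.0" rule never matches a real client (it is a /32 for the address 0.0.0.0), so his SSH is admitted only by the chain's default ACCEPT policy, and 87.230.80.186 from the subject line is outside 87.230.90.0/24 and is not dropped. In Steve's ruleset everything rests on the admin address in the SSH rule being right, which is exactly what admin_ssh_allowed() checks and why his five-minute "iptables stop" cron entry is worth having while you test.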