Thanks for the amazing cronjob advice.<br><br><div class="gmail_quote">On Tue, Jun 29, 2010 at 4:26 PM, Steve Edwards <span dir="ltr"><<a href="http://asterisk.org">asterisk.org</a>@<a href="http://sedwards.com">sedwards.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Tue, 29 Jun 2010, bruce bruce wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Thanks for that Steve. This works. However, what if I do this (would I block myself from SSH 22):<br>
--------------------------------------------------------------<br>
sudo iptables\<br>
--append INPUT\<br>
--match tcp\<br>
--protocol tcp\<br>
--dport 22\<br>
--source 0.0.0.0\<br>
--jump ACCEPT<br>
--------------------------------------------------------------<br>
sudo iptables\<br>
--append INPUT\<br></div>
--source 87.230.90.0/24\<br>
--jump DROP<div class="im"><br>
--------------------------------------------------------------<br>
<br>
Will that block all other traffic to the server and only allow SSH 22? I don't want to block myself out and it's very important because this is a remote server. If you can confirm above then I can add the legit IPs one by one after that I guess.<br>
</div></blockquote>
<br>
I'm not a fan of executing iptables from the command line, nor am I an iptables expert.<br>
<br>
A very simple /etc/sysconfig/iptables would look like:<br>
<br>
*filter<br>
:INPUT DROP [0:0]<br>
:FORWARD ACCEPT [0:0]<br>
:OUTPUT ACCEPT [0:0]<br>
<br>
# established connections<br>
--append INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT<br>
<br>
# accept SSH from bruce bruce<br>
--append INPUT --match tcp --protocol tcp --dport 22 --source a.b.c.d --jump ACCEPT<br>
<br>
# log everything else<br>
--append INPUT --protocol all --jump LOG<br>
<br>
# drop everything else<br>
--append INPUT --protocol all --jump DROP<br>
<br>
COMMIT<br>
<br>
This should get you started.<br>
<br>
Any time you are fiddling with iptables, it would be prudent to add something like this to root's crontab:<br>
<br>
# Min hour DOM month DOW command<br>
*/05 * * * * /etc/init.d/iptables stop<br>
<br>
In case you "blow it," you can get back in within 5 minutes.<br><font color="#888888">
<br>
-- <br></font><div><div></div><div class="h5">
Thanks in advance,<br>
-------------------------------------------------------------------------<br>
Steve Edwards <a href="mailto:sedwards@sedwards.com" target="_blank">sedwards@sedwards.com</a> Voice: +1-760-468-3867 PST<br>
Newline Fax: +1-760-731-3000</div></div><br>--<br>
<br>
asterisk-biz mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-biz" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-biz</a><br></blockquote></div><br>
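As an added example (not code from Steve's or bruce's messages), the script below builds the /etc/sysconfig/iptables file Steve describes from a list of permitted SSH sources and prints the lockout-guard crontab line, without touching the live firewall. It refuses a bare <code>0.0.0.0</code> source because iptables treats an address without a mask as /32, so such a rule matches only packets from the host 0.0.0.0 and admits nobody (<code>0.0.0.0/0</code> is the spelling for "any"). The loopback rule is an addition beyond the thread, and the addresses 203.0.113.5 and 198.51.100.0/24 in the usage line are constructed examples.<br><br>

```shell
#!/bin/sh
# Added example, not code from the thread: build the /etc/sysconfig/iptables
# file described above from a list of SSH sources, refusing inputs that would
# lock you out or match nothing. It only prints; it never touches the live firewall.

# Accept an IPv4 address or CIDR block (assumption: IPv4 only).
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    case "$1" in
        */*) [ "${1#*/}" -le 32 ] || return 1 ;;
    esac
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (only this function's args change)
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore file: default DROP on INPUT, loopback and
# established traffic allowed, SSH only from the given sources, log then drop the rest.
gen_rules() {
    [ $# -ge 1 ] || { echo 'gen_rules: at least one SSH source is required' >&2; return 1; }
    for src in "$@"; do
        valid_cidr "$src" || { echo "gen_rules: bad source '$src'" >&2; return 1; }
        # Without a mask iptables treats an address as /32, so 0.0.0.0 matches
        # only the host 0.0.0.0 and the rule would admit nobody. 0.0.0.0/0 is "any".
        case "$src" in
            0.0.0.0|0.0.0.0/32)
                echo "gen_rules: '$src' matches nothing useful; use 0.0.0.0/0 for any source" >&2
                return 1 ;;
        esac
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' ''
    printf '%s\n' '# loopback (added here; not in the thread)' \
        '--append INPUT --in-interface lo --jump ACCEPT' ''
    printf '%s\n' '# established connections' \
        '--append INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT' ''
    echo '# accept SSH only from the listed sources'
    for src in "$@"; do
        echo "--append INPUT --match tcp --protocol tcp --dport 22 --source $src --jump ACCEPT"
    done
    printf '%s\n' '' '# log everything else' '--append INPUT --protocol all --jump LOG' \
        '' '# drop everything else' '--append INPUT --protocol all --jump DROP' '' 'COMMIT'
}

# The safety net from the thread: while testing, have cron stop the firewall
# every 5 minutes so a mistake locks you out for at most that long.
lockout_guard_line() {
    echo '*/5 * * * * /etc/init.d/iptables stop'
}

# Usage: sh gen-firewall.sh 203.0.113.5 198.51.100.0/24 > /etc/sysconfig/iptables.new
# (constructed example addresses). Review the file, then load it with iptables-restore.
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Load the generated file only after the cron guard is in place, and remove the guard once a few reconnects have proven the rules; a guard left behind turns the firewall off every five minutes on a production host.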