You should get a page that looks like the above.

The first thing we want to do, if you have a custom SSH port (you should if you have followed the Changing your SSH Port In CentOS (link) tutorial or have changed it yourself), is change the line that states:

--dport 22

Following our example in the custom SSH port tutorial above, the line should read:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j ACCEPT

If you don't have a custom SSH port, you can ignore this, but you should think about adding one!

Next, we want to take the section that says:

:INPUT ACCEPT and :FORWARD ACCEPT

And make it say:

:INPUT DROP and :FORWARD DROP

This tells IPTables to block and drop all traffic that is not going to ports you specify to allow through. This will stop people trying to break in using services that you have running unless you have opened those ports to the public.

If you want to get more restrictive with your IPTables, specifically access to SSH, you can do the following for each IP address that should be allowed through. This involves editing the SSH rule and adding more. Where it states the SSH rule we identified earlier, you want to change it to be:

-A INPUT -s IPADDR -m tcp -p tcp --dport 3389 -j ACCEPT

Where IPADDR is your IP address that you want to have SSH access to your server. If you did not set up a custom SSH port, you would want that to remain 22 and not 3389.

To have the changes take effect, you will need to save and exit the file and then run:

service iptables restart

This will cause your new rules to go into effect immediately and they'll remain through reboots.

And that's it! Your server is now more secure simply by changing a few things in IPTables.
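A way to check the edited rules file before running the restart, so a typo does not leave INPUT open or SSH unreachable. This is an added example, not part of the original tutorial: the audit function, the sample ruleset and the address 203.0.113.10 (standing in for IPADDR) are constructed for illustration.

```python
import shlex

# Constructed sample in the format of the rules file this tutorial edits.
# 203.0.113.10 is a documentation address standing in for IPADDR.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10 -m tcp -p tcp --dport 3389 -j ACCEPT
COMMIT
"""

def audit(ruleset, ssh_port=3389):
    """Return a list of findings; an empty list means the checks passed."""
    policies, ssh_rules, findings = {}, [], []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # Policy line: ":CHAIN POLICY [packets:bytes]"
            parts = line[1:].split()
            if len(parts) >= 2:
                policies[parts[0]] = parts[1]
        elif line.startswith("-A INPUT"):
            tok = shlex.split(line)
            opts = dict(zip(tok, tok[1:]))  # each token -> the token after it
            if opts.get("-j") == "ACCEPT" and opts.get("--dport") == str(ssh_port):
                ssh_rules.append(opts.get("-s") or opts.get("--source"))
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) != "DROP":
            findings.append(f"{chain} policy is {policies.get(chain, 'missing')}, expected DROP")
    if not ssh_rules:
        findings.append(f"no ACCEPT rule for tcp port {ssh_port}; SSH would be locked out")
    for src in ssh_rules:
        if src is None:
            findings.append(f"port {ssh_port} is open to any source address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES) or ["ruleset matches the hardened form"]:
        print(finding)
```

Pass the contents of your own rules file to audit(), with ssh_port=22 if you kept the default port.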