# Add to other nodes
:SSH-INPUT - [0:0]

# Add to other filters
# Knock sequence: a NEW SYN to 1234 puts the source address in recent list SSH0,
# a NEW SYN to 5678 from an SSH0 address adds it to SSH1, and port 22 is accepted
# only from SSH1 addresses. A NEW TCP connection to any other port removes the
# address from the list again, so the knock has to be repeated.
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 22 -m recent --rcheck --name SSH1 -j ACCEPT
-A TRAFFIC -m state --state NEW -m tcp -p tcp -m recent --name SSH1 --remove -j DROP
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 5678 -m recent --rcheck --name SSH0 -j SSH-INPUT
-A TRAFFIC -m state --state NEW -m tcp -p tcp -m recent --name SSH0 --remove -j DROP
-A TRAFFIC -m state --state NEW -m tcp -p tcp --dport 1234 -m recent --name SSH0 --set -j DROP
-A SSH-INPUT -m recent --name SSH1 --set -j DROP
This closes port 22 except to IP addresses that have accessed port 1234 and
then port 5678 first.

Example:

  $ telnet myhomepc.net 1234
  Trying 123.231.123.231...^C
  $ telnet myhomepc.net 5678
  Trying 123.231.123.231...^C
  $ ssh [email protected]
  [joe ~] $ _

NOTE: This adds little in the way of security. I use it merely to keep the
log files clean (from zillions of login attempts). Helps me avoid having to
maintain a long blacklist (or even a short whitelist).

Remember to open ports 22, 1234 and 5678 on the router. Also best to use some
other random pair of ports than 1234 / 5678. :-)

On Wed, May 6, 2009 at 1:54 PM, Michael <[email protected]> wrote:
>
> If I have a connection arriving on Port X from IPaddr A.B.C.D can I forward it
> to port 80X?
>
> Or to be a bit less abstract:
>
> If I have a client connecting to port 22 on my server, say from 10.18.18.4
> can I use IPtables to send that connection to Port 8022 on the same box?
>
> At the same time I would want traffic from 10.18.19.4 to arrive on port 22
> and be forwarded passed through to port 22.
>
> In a standard firewall situation that's a standard case scenario.
> The wrinkle here is the traffic destination is the same box.
>
> How much more complicated does this become if I have 10,000 source addresses
> that get the special treatment.
>
> The addresses would be a handful each from thousands of net blocks - think of
> traffic from routers and switches getting the special treatment while traffic
> from workstations, servers and such are passed through.
>
> --
> Michael Rasmussen
> http://www.jamhome.us/
> Be Appropriate && Follow Your Curiosity
>
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
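The rule set above is a small state machine driven by the iptables `recent` module, and the easiest way to see what it does to a given sequence of connection attempts is to walk packets through the rules in the posted order. The following Python is an added example, not the poster's code or anything from the PLUG thread: it models each `recent` list as a set of source addresses (ignoring timeouts, which the posted rules do not use) and returns the verdict each NEW TCP SYN receives. The addresses in the traces are constructed for the example, and the `FALLTHROUGH` verdict stands in for whatever the rest of the poster's TRAFFIC chain does, which the message does not show.

```python
"""Simulate the posted port-knocking rules (added example, not the poster's
code).  Each iptables 'recent' list is modelled as a set of source addresses
with no expiry, and every NEW TCP SYN is run through the rules in the order
they appear in the post.  Only the rule logic is modelled, not the kernel."""

ACCEPT, DROP, FALLTHROUGH = "ACCEPT", "DROP", "FALLTHROUGH"
KNOCK1, KNOCK2, SSH = 1234, 5678, 22   # the ports used in the post


def new_state():
    """Fresh 'recent' lists, keyed by the names used in the posted rules."""
    return {"SSH0": set(), "SSH1": set()}


def evaluate(src, dport, state):
    """Verdict for one NEW TCP packet from src to dport, updating the recent
    lists exactly as the posted TRAFFIC / SSH-INPUT rules would."""
    ssh0, ssh1 = state["SSH0"], state["SSH1"]
    # -A TRAFFIC ... --dport 22 -m recent --rcheck --name SSH1 -j ACCEPT
    if dport == SSH and src in ssh1:
        return ACCEPT
    # -A TRAFFIC ... -m recent --name SSH1 --remove -j DROP
    # (--remove matches only if src is listed, and then deletes the entry)
    if src in ssh1:
        ssh1.discard(src)
        return DROP
    # -A TRAFFIC ... --dport 5678 -m recent --rcheck --name SSH0 -j SSH-INPUT
    # -A SSH-INPUT -m recent --name SSH1 --set -j DROP
    if dport == KNOCK2 and src in ssh0:
        ssh1.add(src)
        return DROP
    # -A TRAFFIC ... -m recent --name SSH0 --remove -j DROP
    if src in ssh0:
        ssh0.discard(src)
        return DROP
    # -A TRAFFIC ... --dport 1234 -m recent --name SSH0 --set -j DROP
    if dport == KNOCK1:
        ssh0.add(src)
        return DROP
    # Anything else continues down the TRAFFIC chain; the post does not show
    # those rules (they are what "closes port 22" for everyone else), so the
    # simulation reports a fall-through instead of guessing.
    return FALLTHROUGH


def run(trace):
    """Run a list of (src, dport) NEW packets and return the list of verdicts."""
    state = new_state()
    return [evaluate(src, dport, state) for src, dport in trace]


# Constructed traces; the addresses are made up for the example.
HOST = "198.51.100.7"
# The sequence from the post: knock 1234, knock 5678, then ssh to 22.
KNOCK_OK = [(HOST, KNOCK1), (HOST, KNOCK2), (HOST, SSH)]
# A NEW connection to any other port after the knock removes the host from
# SSH1, so the next attempt on 22 is no longer accepted.
STRAY_RESET = KNOCK_OK + [(HOST, 80), (HOST, SSH)]
# A retransmitted first knock hits the SSH0 --remove rule and toggles the
# entry off again, so the second knock is not honoured: the first knock must
# be seen an odd number of times (the ^C in the post keeps it to one SYN).
RETRANSMIT = [(HOST, KNOCK1), (HOST, KNOCK1), (HOST, KNOCK2), (HOST, SSH)]
# A host that never knocked falls through to the rest of the chain on 22.
NO_KNOCK = [("203.0.113.9", SSH)]

if __name__ == "__main__":
    for name, trace in [("knock ok", KNOCK_OK), ("stray reset", STRAY_RESET),
                        ("retransmit", RETRANSMIT), ("no knock", NO_KNOCK)]:
        print(f"{name:12s} {run(trace)}")
```

The `RETRANSMIT` trace is the practical caveat: because the `--remove` rule for SSH0 sits ahead of the `--set` rule and matches any NEW TCP packet, a SYN retransmission to the first knock port undoes the knock, which is why the quick `^C` in the posted session matters for the sequence to go through.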
