Hi, I have a problem with the rules for sshd. I set up a firewall, and
everything I want works fine except sshd. If a user connects via ssh from
outside, it is rejected, while if I ssh from inside to outside it works.
The rules are as follows:
First:
the default policy for input and output is reject, and it has to stay that way.
Then the rules for ssh client and server:
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE $UNPRIVPORTS -d $ANYWHERE 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE 22 -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE $SSH_PORTS -d $ANYWHERE 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y -s $ANYWHERE 22 -d $ANYWHERE $SSH_PORTS -j ACCEPT
ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE 22 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -d $ANYWHERE 22 -j ACCEPT

Where:
ANYWHERE="any/0"
PRIVPORTS="0:1023"
UNPRIVPORTS="1024:65535" 
SSH_PORTS="1022:1023"

Can you tell me where the problem is? To me the rules for the server
look correct.
Thx!

-- 
----------------------------------------------------------
Imagination is the only weapon in the war against reality.
Sysadmin - Computer Science Highschool - IASI  *
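
A Python model of the six rules listed in the message, showing which packets of an inbound SSH handshake they accept. This is an added example and not part of the original post; it assumes first-match evaluation, packets arriving on the external interface, and the ipchains meaning of -y (SYN set, ACK and FIN clear), and the client ports used are constructed.

```python
from dataclasses import dataclass

UNPRIV = (1024, 65535)     # UNPRIVPORTS from the message
SSH_PORTS = (1022, 1023)   # SSH_PORTS from the message
ANY = (0, 65535)           # no port given on that side of the rule
P22 = (22, 22)

@dataclass(frozen=True)
class Packet:
    chain: str   # "input" or "output"
    sport: int
    dport: int
    syn: bool    # True only for a connection-opening packet (what -y matches)

# (chain, syn_match, source ports, destination ports), in the order posted.
# syn_match False models "! -y" (non-SYN packets only); None means no -y test.
RULES = [
    ("input",  False, UNPRIV,    P22),
    ("output", None,  P22,       UNPRIV),
    ("input",  None,  SSH_PORTS, P22),
    ("output", False, P22,       SSH_PORTS),
    ("input",  None,  P22,       ANY),
    ("output", None,  ANY,       P22),
]

def verdict(pkt, rules=RULES):
    """Return (target, 1-based rule number); 0 means the default policy applied."""
    for n, (chain, syn, sports, dports) in enumerate(rules, 1):
        if chain != pkt.chain:
            continue
        if syn is not None and syn != pkt.syn:
            continue
        if sports[0] <= pkt.sport <= sports[1] and dports[0] <= pkt.dport <= dports[1]:
            return ("ACCEPT", n)
    return ("REJECT", 0)  # default policy stated in the message

def handshake(client_port):
    """Verdicts for the SYN, SYN/ACK and ACK of an inbound connection to port 22."""
    return [
        verdict(Packet("input", client_port, 22, True)),    # client SYN
        verdict(Packet("output", 22, client_port, False)),  # server SYN/ACK
        verdict(Packet("input", client_port, 22, False)),   # client ACK
    ]

if __name__ == "__main__":
    for port in (40000, 1023):  # constructed client source ports
        print(port, handshake(port))
```

In this model the opening SYN from an unprivileged client port matches no input rule and falls through to the default policy, while the same handshake from source port 1023 is accepted by the third and fourth rules.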


