IPTables - Block Internet Access To SSH (22) Except Verified IP's

Jul 1, 2007

I recently looked at my secure and messages log and have been getting a lot of failed SSH root login attempts. So I thought I better do something about it.

Ideally I want to allow SSH login from just 3 remote public IPs, and block all others from even trying.

How would you go about implementing this?

I have tried using IPTables, but I think I'm getting the rule wrong somewhere.

Here is what I have:

Code:
## Access to SSH from Pre-approved IP Addresses ONLY ##

iptables -I INPUT 1 -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -s 123.123.123.124 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -s 123.123.123.125 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 22 -s 0.0.0.0 -j DROP

However this still lets me login from IPs not in the list above?

View 8 Replies


How To Block Port 25 Using IPtables?

Apr 13, 2009

For some reason, I want to block port 25 temporarily while editing the exim config and open it back up using the iptables -F command.

Can anyone let me know the command to block port 25 using iptables?

View 14 Replies View Related

Iptables: Expiring Ip Block

Jul 15, 2009

I'm trying to figure out an iptables rule to block certain IPs for a limited duration, after which the block rule will be removed.

Hits to the iptables filter while the IP is blocked should not renew the timer.

I got as far as:

iptables -A INPUT -m recent --name blacklist --rcheck --seconds 10 -j REJECT
iptables -A INPUT -m recent --name blacklist --remove

But how do I blacklist an IP now? (This needs to be done via an external app and not via iptables matches/hitcounts.)
iptables -A INPUT -s xxx.xxx.xxx.xxx -m recent --name blacklist --set
would renew the blacklist every time that IP sends a packet, no matter if it is blocked or not. Also, that rule would remain in iptables even when expired.

View 5 Replies View Related

Iptables Block An IP Not Working

Apr 25, 2008

I use

iptables -I INPUT -s 60.216.238.212 -j DROP

to block the IP, but it is not working.

After issuing

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

I can still see

87 218.86.252.158
163 219.150.191.62
301 60.216.238.212

60.216.238.212 still has 301 connections. Any idea?

Basically, I use ddos-deflate to block DDoS attacks.
I already set the max connections to 25.
But it does not seem to be working.
All the connections over 25 have not been blocked.
Did I miss something?
I mean after I issue

iptables -I INPUT -s 60.216.238.212 -j DROP

Do I need to do something like refresh iptables?

View 0 Replies View Related

Iptables - Block Inbound & Outbound

Jun 20, 2007

What is the command I need to issue to block an IP address from my server? I need to block both inbound and outbound access.

I need the rule to append to existing rules so if the server is rebooted the rule will still be in effect.

View 9 Replies View Related

How Can Someone Access Files In My Pc Over Internet Using DW

Oct 12, 2009

I'm part of a development team and I can't find a way to test the site URL while defining a website in DW when it asks what your site URL is. What the other guys are entering is my IP and folder name like [url]. Is this the right way?

View 7 Replies View Related

Access Webcam Over The Internet

Jan 16, 2007

I have a local webcam that I want to access it over the internet. I have a static IP from SBC (my internet service).

I connected the internet line directly to my router/modem/switch (all in one), my computer (192.168.1.100) to a port on the router/modem/switch, and my webcam (192.168.1.101) to another port on the router/modem/switch. I am able to access and view my webcam locally [url] from my home pc.

Now I want my friends to access and view my webcam over the internet. How do I configure it so I can access the webcam from [url]?

View 3 Replies View Related

Remote Desktop To Access My Vps Via Internet Using Mac Osx

Oct 16, 2009

Does anyone have any advice on choosing a free remote desktop which runs on Mac OS X to access my VPS via the internet, which I recently acquired?

View 7 Replies View Related

Mobile Satellite Internet Access

Jun 19, 2007

I am interested if anybody knows who provides mobile satellite internet access? I would like to access the internet from anywhere in the world. What are the costs? Do they have different speed plans?

View 1 Replies View Related

Apache :: XAMPP - Allow Access From Internet

Feb 29, 2012

I have XAMPP server which works fine. When I wanted to load webpages through my lan network it said I need to edit httpd-xampp.conf. When I try to load from internet there is no connection at all. I changed httpd-xampp.conf from this

Code :

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from 127.0.0.0/8
ErrorDocument 403 /error/HTTP_XAMPP_FORBIDDEN.html.var
</LocationMatch>

View 3 Replies View Related

Apache :: 2.0.64 - No Internet Access To Server

Oct 28, 2012

I recently installed Apache/2.0.64 (win32) on my Windows 7 machine and am having a problem with external access. The installation appears to be good as it shows all services running and I can access a basic index.html file through 127.0.0.1.

I have ruled out any router or firewall issues and am fairly sure the problem is with the httpd config. But the only changes I've made are to the NameServer and Listen directives, so I'm lost for an answer to the problem.

The NameServer is set to my actual IP address while the Listen one is set to my server's internal IP address, but I have tried switching them around with no success.

The other thing I don't know is if I need to have SQL and myPHP installed just to check basic functionality.

View 1 Replies View Related

SSH Access To My Server Only From IP Address IPtables

May 7, 2009

My question:

I have a server with CentOS and WHM/cPanel. Over the last few days I have read in the SSH log files (security) many failed logins from many IP addresses.

I read some about iptables, and every time I read an IP in the log I block this IP with iptables, but this seems a bad and boring experience every day.

So does anyone know the exact command for iptables to have access to my SSH ONLY from my IP address?

My IP address is static and I want only that IP to have access to the server and no one else from a different IP.

View 6 Replies View Related

Shared Hosting With Mysql Internet Access

Jan 14, 2009

I'm working with a non-profit and we're looking for an inexpensive hosting but we also need to be able to access MYSQL (port 3306) through the internet.

We use Crystal Reports and need to get to the database directly for reports.

View 12 Replies View Related

Using A VPS To Provide Internet Access Via ADSL Line

Jan 10, 2008

This might win me the "stupidest idea 2008" award but I was wondering..

I have an active ADSL line at home but I don't have an active account at an ISP.. Could I somehow get Internet access through my VPS (for a week or so, till my new ISP activates my account)?

View 6 Replies View Related

Block Access To My Servers From A Domain

Oct 16, 2009

There is a domain (domain.fm). This domain receives constant DDoS attacks, and the webmaster of domain.fm has pointed the domain to my server, so the DDoS attack has been redirected to me.

Is it possible to block this domain?

I noticed that the webmaster of domain.fm only points the domain to my server when attacked.

Yesterday my apache has been down for several hours.

I would like to block access to my servers from the domain domain.fm

View 6 Replies View Related

Apache :: Allow Access From Webserver - Block From HTTP

Mar 13, 2015

I want to run an HTML webpage that accesses an MP3 resource that's also on my website. However, I only want the webpage to have access to the file and block access from those attempting to access the file directly. That leaves me with two options:

1. Block access through the Apache configuration so that only my Webserver can access the resource, or

2. Hide the URL in the code.

How I can go about doing this?

View 1 Replies View Related

Block External Access To Cpanel Through Port 2082?

Jun 2, 2008

Is it possible to block external access to cPanel through port 2082?

View 7 Replies View Related

Plesk 12.x / Linux :: How To Block Access To Default Website

Oct 21, 2014

I've seen a number of exploit attempts on the default website, which I believe have come via direct access via IP address, i.e. http://xxx.xxx.xxx.xxx. I have tried to block with .htaccess but it seems to be being ignored (possibly by the Parallels or nginx configuration). How can I block access to the default site to all but 127.0.0.1, the server's external IP and my IP?

View 19 Replies View Related

Apache :: Checksum Not Verified?

Apr 15, 2013

I downloaded the zip file httpd-2.4.4-win32.zip and ran winmd.exe. I checked the checksum value against those in the file online and they did not match.

View 2 Replies View Related

After Flush+zero Iptables, Will A New Iptables Ban Work

Jan 5, 2008

I execute the following commands, in the following order:

iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP

will that last command successfully ban that IP until reboot?

If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.

View 2 Replies View Related

550 "The Recipient Cannot Be Verified"

Jan 14, 2007

I've had a VPS for a couple of days, (Linux, cPanel), but however I try to set up email on the one account so far put on the server, all I get in response to sending test emails to it is

Quote:

550 "The Recipient Cannot Be Verified".

My host can send emails to the address and I receive them.

My host tells me that I need to switch off "Sender Verify" on the server relaying to the VPS, but surely that is not a good idea as it will reduce the spam protection that this feature provides?

What could cause this to happen?

I have not experienced this problem on any of my other servers.

View 5 Replies View Related

Plesk 11.x / Windows :: How To Limit Access To Few IP Address To Access Port 8443 On Firewall

Aug 28, 2012

How can I allow only one IP or a list of IP addresses to access port 8443? I need to limit access to this port to a few IP addresses and not everyone.

View 6 Replies View Related

IIS 5 - Cant Access Page From IE7 But Can Access From Firefox

Feb 20, 2008

I found a great little app called ID Shutdown Manager which basically lets you do stuff like wake on LAN, Shutdown, Log Off etc.

The App also has a cgi script which you can call from a web server so you get a web interface to the program.

This is exactly my reason for getting the app as I just wanted to host a web page where I could login from the internet and wake on lan my media PC.

Ok so...

The app gives you all the iis or apache setup instructions and tells you to place the cgi script which is actually a .exe into the scripts folder and then enable basic authentication for it.

Done.

So if I navigate to <SERVER>/scripts/sdmancgi.exe it's supposed to give me a user / pass prompt, and then when login is successful I see the app and can wake on LAN etc.

OK, I have got this to work.

On the actual machine where the server is running I can access it in IE7 by localhost etc., and it works.

However, when I try to access it from another PC in my LAN by typing <SERVER>/scripts/sdmancgi.exe I get a nice little message saying the content cannot be displayed, you may be required to install a program or something to display it.

If I try to access the page from firefox on same remote PC, it works!

I can also access page from outside my LAN, it works on my N95 browser.

Also I have had friends try it from firefox from the Internet and they say it works as well.

Forgot to mention I am running on port 8081 as I already have other servers running on 8080 and 80 (one is my router and the other server installed itself from setup.exe and I don't know what server it's using).

I have also tried the latest Apache server as well as some other free one. Both have the same effect: OK in Firefox, not in IE.

One would think it's a problem with the CGI file not being compatible with IE7; however, I even tried to go to the default page set up in IIS, <SERVER>:8081, and I get the same message. So at this point the server hasn't even tried to access the CGI or prompt for Basic Authentication.

I tried googling without much luck. I read something about CSS, and when I view the source of the failed web page in IE7 it mentions something about CSS, so I don't know if this is it?

View 4 Replies View Related

Iptables Gone

Aug 4, 2006

I am experiencing a strange problem with iptables: after I activate them, they are gone in a few minutes. For example, I drop traffic from an IP and after a few seconds, all rules are flushed without touching anything!

View 2 Replies View Related

How Many IPs Can I Add To IPtables ?

Jan 20, 2008

I need to block about 5000 IPs .. Is it possible to add this amount of IPs to iptables?

I mean ... Will this slow down the machine response?

View 7 Replies View Related

Iptables Or Apf?

May 24, 2007

What do you prefer or what do you think is better, iptables or apf for a firewall?

View 9 Replies View Related

Csf And Iptables

Apr 13, 2009

I installed csf on CentOS.

My server is working but the network is unreachable.

I tried to run "service iptables stop",

and the server is unreachable now.

I checked from WHM, and it shows csf is working,

but when I SSH to the server and type "service iptables status",

it shows "firewall is stopped".

Is that correct?

If not, how can I fix the issue?

View 11 Replies View Related

IPTables

Apr 10, 2009

Is there a way for me to whitelist myself or something?

I get up everyday and have to call LSN because my server has blocked me for some reason...

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved