I have a Linux machine (TurnKey Core 14.2) with two network cards. eth0 is a public IP, WAN (let's call it 123.123.123.123). eth1 is my network, LAN.

I would like to block SSH from the WAN with iptables. I use the command

    sudo iptables -A INPUT -p tcp -s 123.123.123.123 --dport 22 -j DROP

If I then write

    sudo iptables -L

I get the answer

    Chain INPUT (policy ACCEPT)
    target     prot opt source           destination
    DROP       tcp  --  123.123.123.123  anywhere         tcp dpt:ssh

Problem is that I'm not blocked if I use PuTTY to connect to 123.123.123.123. Any idea what I'm doing wrong?
You are matching traffic by source address (-s option) instead of destination address (-d option), which is why your rule doesn't drop any traffic from other hosts.

You can also match by input interface (instead of address) with the -i option. For example, to drop all incoming traffic to port 22 on eth0:

    iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP
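As an added example (not part of the answer above), a small POSIX shell script that prints the corrected interface-based rule and audits an `iptables -S INPUT` dump for port-22 DROP rules that match only by source address, the mistake in the question. The interface name eth0, the APPLY switch and the two sample dumps are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the WAN interface is
# named eth0 (override with WAN_IF) and the iptables CLI shown on the page.
WAN_IF="${WAN_IF:-eth0}"

# Print the corrected rule. It matches by input interface (-i) instead of
# by the WAN address, and uses -I (insert at top) rather than -A (append)
# so an earlier ACCEPT rule in INPUT cannot shadow it.
ssh_block_rule() {
    printf 'iptables -I INPUT -i %s -p tcp --dport 22 -j DROP\n' "$1"
}

# Audit `iptables -S INPUT` output read on stdin: every DROP/REJECT rule
# for port 22 must restrict by interface (-i) or destination (-d). A rule
# that restricts only by source (-s), as in the question, is reported.
# Exit status 0 if at least one effective rule is found, 1 otherwise.
audit_ssh_rules() {
    awk '
        /--dport 22( |$)/ && /-j (DROP|REJECT)/ {
            if ($0 ~ / -i / || $0 ~ / -d /) { good++ }
            else if ($0 ~ / -s /) { print "WARN: matches by source only: " $0 }
        }
        END { exit (good > 0) ? 0 : 1 }
    '
}

# Constructed samples of `iptables -S INPUT`: the rule from the question
# versus the corrected one.
SAMPLE_BAD='-P INPUT ACCEPT
-A INPUT -s 123.123.123.123/32 -p tcp -m tcp --dport 22 -j DROP'
SAMPLE_GOOD='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP'

# Only touch the live firewall when explicitly asked (APPLY=1 as root);
# otherwise do a dry run against the constructed samples.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    eval "$(ssh_block_rule "$WAN_IF")"        # apply the fix on a real host
    iptables -S INPUT | audit_ssh_rules       # then verify the live chain
else
    echo "Dry run; would apply: $(ssh_block_rule "$WAN_IF")"
    printf '%s\n' "$SAMPLE_BAD" | audit_ssh_rules ||
        echo "FAIL: rule from the question does not block SSH from the WAN"
    printf '%s\n' "$SAMPLE_GOOD" | audit_ssh_rules &&
        echo "OK: corrected rule restricts by interface"
fi
```

Run it with `APPLY=1` as root to insert the rule and audit the live INPUT chain; without it, the script only reports what it would do.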