[Klug-general] Hiding Port 22 on an SSH based VPN

Karl Lattimer karl at qdh.org.uk
Mon Apr 2 19:54:02 BST 2007


On 2 Apr 2007, at 19:37, Peter wrote:

> I run a small private network over the Internet using SSH-based commands
> on Port 22. This port is permanently open to the rest of the Internet.
> Is there a simple way of hiding it except for my own computers?
>
> I've looked at iptables and various firewall applications but they are
> all so complicated for a one-off job.

off the top of my head...

# allow SSH (new and existing connections) from the trusted range only
iptables -A INPUT -s 192.168.0.1/24 -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport 22 -j ACCEPT
# reject new SSH connections from any other source (-s 0.0.0.0/0 matches everyone)
iptables -A INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j REJECT --reject-with icmp-host-unreachable

replace 192.168.0.1/24 with your network range.

You may need to double up on the -p and have udp too; not sure whether ssh requires it.

Unfortunately the various firewall applications you mention are all front ends to iptables. iptables hooks into netfilter in the kernel (also known as iptables, although iptables is the userspace command to access the netfilter hooks). Once you get the hang of it, iptables is actually pretty simple, and hellishly flexible...

K,
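As an added example (not part of Karl's message or Peter's question), here is the same idea written out as a complete filter table that can be loaded atomically with iptables-restore, rather than appended rule by rule with -A. It goes a step further than the two rules above by giving INPUT a default-deny policy and allowing loopback and established traffic, which is what you would want on a host that only exposes SSH. The trusted range 192.168.0.0/24 is a placeholder for your own network; `-m conntrack --ctstate` is the modern spelling of the `-m state --state` match used in the post. The ruleset is only generated here, so the script runs without root; applying it is the piped command in the usage line.

```shell
#!/bin/sh
# Added example (not from the original thread): print an iptables-restore
# ruleset that exposes TCP port 22 only to a trusted source range and
# rejects everyone else the way Karl's REJECT rule does.
#
# Assumptions: the trusted CIDR (e.g. 192.168.0.0/24) stands in for your own
# network range; the default INPUT policy is DROP so every other port is
# silently discarded.

# valid_cidr A.B.C.D/N -> returns 0 only for a well-formed IPv4 CIDR.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    addr="${1%/*}"
    plen="${1#*/}"
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    # only digits and dots may reach the unquoted split below (no globbing)
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs="$IFS"
    IFS=.
    set -- $addr          # split the address on dots into $1..$4
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ssh_ruleset TRUSTED_CIDR [PORT] -> prints a filter table for iptables-restore.
gen_ssh_ruleset() {
    trusted="$1"
    port="${2:-22}"
    valid_cidr "$trusted" || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Order matters: loopback and already-tracked flows first, then the
    # trusted-source ACCEPT, then the catch-all REJECT for the SSH port.
    # Every other port falls through to the DROP policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s $trusted -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $port -j REJECT --reject-with icmp-host-unreachable
COMMIT
EOF
}

# Usage: sh hide22.sh 192.168.0.0/24 [22] | sudo iptables-restore
if [ $# -gt 0 ]; then
    gen_ssh_ruleset "$@" || echo "usage: $0 TRUSTED_CIDR [PORT]" >&2
fi
```

Two practical notes. iptables masks the host bits itself, so Karl's 192.168.0.1/24 and 192.168.0.0/24 describe the same range, but the validator above still expects a syntactically sane address so a typo fails loudly instead of loading a rule that matches nothing. Because a mistake here locks you out of the very service you are administering over, load the table from a console session, or on Debian-derived systems pipe it through iptables-apply, which reverts the change unless you confirm it within a timeout. Change the final REJECT to DROP if you would rather port 22 look like every other closed port to a scanner.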
