[Klug-general] Hiding Port 22 on an SSH based VPN

Karl Lattimer karl at qdh.org.uk
Mon Apr 2 19:54:02 BST 2007

On 2 Apr 2007, at 19:37, Peter wrote:

> I run a small private network over the Internet using SSH based  
> commands
> on Port 22. This port is permanently open to the rest of the Internet.
> Is there a simple way of hiding it except for my own computers.
> I've looked at iptables and various firewall applications but they are
> all so complicated for a one off job.

off the top of my head...

iptables -A INPUT -s -p tcp -m state --state  
iptables -A INPUT -s -p tcp -m state --state NEW --dport 22  
-j REJECT --reject-with icmp-host-unreachable

replace with your network range.

You may need to double up on the -p and have udp too, not sure  
whether ssh requires it.

Unfortunately the various firewall applications you mention, are all  
front ends to iptables, iptables hooks into netfilter in the kernel  
(also known as iptables, although iptables is the userspace command  
to access the netfilter hooks). once you get the hang of it, iptables  
is actually pretty simple, and hellishly flexible...


More information about the Kent mailing list