14 June 2009

iptables mystery

Iptables is the firewall and packet-filtering replacement for ipchains in the Linux 2.4 kernel.
iptables is the user-space tool used to configure the packet-filtering and NAT rules that the kernel applies.

Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules; each rule specifies what to do with a packet that matches it.



iptables -A INPUT -p tcp --dport 22 -s 192.168.10.160 -j REJECT

This command appends a rule to the INPUT chain of the filter table (the default table when no -t option is given). The rule rejects all TCP packets arriving on port 22 from the machine 192.168.10.160; unlike DROP, REJECT sends an error response back to the sender instead of silently discarding the packet.


iptables -N SSH
iptables -A SSH -p tcp -s 192.168.10.160 -j LOG
iptables -A SSH -p tcp -s 192.168.10.160 -j REJECT
iptables -A SSH -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -j SSH

This set of commands creates a user-defined chain called SSH and adds a set of rules to it. A connection from 192.168.10.160 is first logged and then rejected (LOG is a non-terminating target, so the packet continues to the REJECT rule), and all other connections are accepted.
Finally, all TCP packets to port 22 that reach the INPUT chain of the filter table are handed over (jumped) to the SSH chain.
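The same chain as an added example, not code from the original post: the rules are written in iptables-restore format so they can be reviewed and syntax-checked before being loaded, and a small parser pulls the source addresses out of the kernel log lines that the LOG rule produces. The blocked host 192.168.10.160 is the post's own; the log prefix, the "-m limit" rate limit on the LOG rule (so a flood of connections cannot fill the log) and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post: the post's SSH chain written
# in iptables-restore format, plus a parser for the kernel log lines the LOG
# target produces. Assumptions: the blocked host is the post's 192.168.10.160;
# the log prefix, the rate limit and the sample log lines are constructed here.

BLOCKED_HOST="192.168.10.160"
LOG_PREFIX="SSH-REJECT: "

# Emit the rule set. LOG is a non-terminating target, so a matching packet
# goes on to the next rule and is then rejected; the order LOG, REJECT,
# ACCEPT is what makes the chain behave as the post describes.
ssh_chain_rules() {
    cat <<EOF
*filter
:SSH - [0:0]
-A SSH -p tcp -s $BLOCKED_HOST -m limit --limit 5/min -j LOG --log-prefix "$LOG_PREFIX"
-A SSH -p tcp -s $BLOCKED_HOST -j REJECT
-A SSH -j ACCEPT
-A INPUT -p tcp --dport 22 -j SSH
COMMIT
EOF
}

# Number of rules appended to the SSH chain (sanity check before loading).
ssh_chain_rule_count() {
    ssh_chain_rules | grep -c '^-A SSH '
}

# Constructed kernel log lines in the layout the LOG target writes: two hits
# from the blocked host and one unrelated kernel message.
sample_log() {
    cat <<'EOF'
Jun 14 10:02:11 gw kernel: SSH-REJECT: IN=eth0 OUT= SRC=192.168.10.160 DST=192.168.10.1 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Jun 14 10:02:14 gw kernel: SSH-REJECT: IN=eth0 OUT= SRC=192.168.10.160 DST=192.168.10.1 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Jun 14 10:03:00 gw kernel: eth0: link is up
EOF
}

# Read log lines on stdin, keep those carrying our prefix and print each SRC=
# address once. On a real host feed it /var/log/kern.log or journalctl -k.
rejected_sources() {
    grep -F "$LOG_PREFIX" | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' | sort -u
}

if [ "${1:-}" = "show" ]; then
    ssh_chain_rules
fi
```

Running the script with the argument "show" prints the rule set; piping that into "iptables-restore --test" parses it without committing anything, and dropping "--test" loads it. The ACCEPT rule at the end of the SSH chain is what lets every other client through, so its position after the REJECT rule is part of the policy, not a detail.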

Reference:
http://www.frozentux.net/iptables-tutorial/chunkyhtml
