Source quote from [http://www.initzero.it/products/opensource/sarg-reports/download/sarg-reports]
The Linux iptables firewall can be used to block or restrict access to an ssh server. The iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, the access control facility for internet services.
Use iptables to Restrict ssh access
The following is a simple rule that blocks all incoming ssh access on port 22:
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
However, in real life you need to use something like the following. Let us assume that your ssh server IP address is 195.55.55.78; remember that the ssh server uses TCP port 22 for all incoming connections. With iptables you can block all incoming connections on port 22 with the following two rules:
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP
If you just want to deny access to a group of IPs, then add the following rules to your script:
IPS="202.54.1.20 64.66.44.22 64.66.44.25"
for i in $IPS
do
# Only one -s option is allowed per rule, so the source is the listed address
iptables -A INPUT -p tcp -s $i --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d $i --dport 513:65535 -m state --state ESTABLISHED -j DROP
done
Add all of the above rules to your iptables firewall shell script (do not type them at the shell prompt).
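The deny-list loop above, as an added example that is not part of the original article: it validates every entry before building a rule, prints the commands as a dry run by default, and only appends a rule that `iptables -C` reports as missing, so re-running the script does not stack duplicates. The function names and the `APPLY` switch are hypothetical; the addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example: validate a deny list, then build (and optionally apply) the rules.
SSH_SERVER="195.55.55.78"                    # server address used on this page
IPS="202.54.1.20 64.66.44.22 64.66.44.25"    # deny list used on this page

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "CHAIN rule-spec" lines for one source: the INPUT/OUTPUT pair from the loop.
ssh_drop_rules() {
    echo "INPUT -p tcp -s $1 --sport 513:65535 -d $SSH_SERVER --dport 22 -m state --state NEW,ESTABLISHED -j DROP"
    echo "OUTPUT -p tcp -s $SSH_SERVER --sport 22 -d $1 --dport 513:65535 -m state --state ESTABLISHED -j DROP"
}

# Dry run by default: print the commands. With APPLY=1 (hypothetical switch,
# needs root) append each rule only when "iptables -C" says it is not loaded yet.
block_ssh_sources() {
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            continue
        fi
        ssh_drop_rules "$ip" | while read -r rule; do
            if [ "${APPLY:-0}" = 1 ]; then
                # $rule is left unquoted on purpose so it splits into arguments
                iptables -C $rule 2>/dev/null || iptables -A $rule
            else
                echo "iptables -A $rule"
            fi
        done
    done
}

block_ssh_sources $IPS
```

Rejecting malformed entries matters most when the deny list comes from a file or another tool, because each entry is expanded unquoted into a command that runs as root.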
Source from http://www.cyberciti.biz/faq/restrict-ssh-access-use-iptable/
In order to block an IP on your Linux server you need to use the iptables firewall. First, log into a shell as the root user. To block an IP address, type the iptables command as follows:
iptables -A INPUT -s IP-ADDRESS -j DROP
Replace IP-ADDRESS with the actual IP address. For example, if you wish to block IP address 65.55.44.100 for whatever reason, then type the command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP
If you have an iptables firewall script, add the above rule to your script.
If you just want to block access from IP 65.55.44.100 to one port, port 25, then type the command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP
The above rule will drop all packets coming from IP 65.55.44.100 to the mail server port 25.