111. How do I set firewall rules in Linux to block SSH?

This is an example of how to set firewall rules in Linux. The iptables commands below first open incoming port 22/tcp (SSH) for the university network and then drop all other incoming SSH traffic.
The first command (iptables) appends a rule (-A) to the input chain (INPUT) for protocol TCP (-p tcp) on the destination port (--destination-port) for SSH (22) with a source address (-s) in the university network (130.238/16), telling the firewall to accept those packets (-j ACCEPT).
The second command drops all other packets to port 22/tcp. The order matters: iptables applies the first rule that matches a packet, so the ACCEPT rule must come before the DROP rule.
# iptables -A INPUT -p tcp --destination-port 22 -s 130.238/16 -j ACCEPT
# iptables -A INPUT -p tcp --destination-port 22 -j DROP
How to save the rules differs between distributions. In CentOS 7 I use the command service iptables save. In Ubuntu/Debian, install the package iptables-persistent and then run the command iptables-save > /etc/iptables/rules.v4. Reboot the computer to check that the firewall rules persist.
To see the current firewall rules run this command:
# iptables -L -n
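Running the two -A commands again appends duplicate rules, and appending the ACCEPT to a chain that already holds the DROP leaves SSH blocked for everyone. The script below is an added example, not part of the original FAQ: it checks for each rule with iptables -C first and inserts a missing ACCEPT at position 1 so it always precedes the DROP. The names restrict_ssh and IPT are this example's own, and the network is written out in full as 130.238.0.0/16.

```sh
#!/bin/sh
# Added example (not from the original FAQ): apply the two SSH rules idempotently.
# IPT is this example's own variable naming the iptables command to run.
IPT="${IPT:-iptables}"

# restrict_ssh NET: allow SSH from NET, drop SSH from everywhere else.
restrict_ssh() {
    net=$1

    # iptables -C exits non-zero when no identical rule exists in the chain.
    if $IPT -C INPUT -p tcp --destination-port 22 -s "$net" -j ACCEPT 2>/dev/null; then
        echo "already present: ACCEPT ssh from $net"
    else
        # Insert at position 1 (not append), so the ACCEPT is evaluated
        # before a DROP rule that may already be in the chain.
        $IPT -I INPUT 1 -p tcp --destination-port 22 -s "$net" -j ACCEPT || return 1
        echo "inserted: ACCEPT ssh from $net"
    fi

    if $IPT -C INPUT -p tcp --destination-port 22 -j DROP 2>/dev/null; then
        echo "already present: DROP other ssh"
    else
        # The catch-all DROP for port 22 goes at the end of the chain.
        $IPT -A INPUT -p tcp --destination-port 22 -j DROP || return 1
        echo "appended: DROP other ssh"
    fi
}

# Usage (as root): sh restrict-ssh.sh --apply 130.238.0.0/16
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    restrict_ssh "$2"
fi
```

Check the result with iptables -L -n before saving the rules, and keep an existing SSH session open while testing.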
Also, to limit which accounts can log in via SSH, you can use the AllowUsers keyword in /etc/ssh/sshd_config like this:
AllowUsers myaccount
To allow more users:
AllowUsers firstaccount secondaccount
Restart or reload sshd, or restart the computer, for the new sshd configuration to take effect.
Read more about iptables at the Netfilter homepage.