<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1491" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>We want to restrict
ssh access to ip addresses 1.1.1.1 and 2.2.2.2</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>We think the
iptables commands to do this are:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>iptables -A INPUT -s
1.1.1.1 -p tcp --dport ssh -j ACCEPT</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>iptables -A INPUT -s
2.2.2.2 -p tcp --dport ssh -j ACCEPT</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>So we entered the
above.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>Now how do we
prevent any other ip address from using ssh?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>We think the
iptables command would be</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>iptables -A INPUT
-p tcp --dport ssh -j DROP</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>But since we already
entered the first two rules in, how do we place the 3rd rule in after rules 1
and 2 so that we don't accidentally block all remote access to
ssh?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>Any suggestions
would be helpful.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005>Thanks,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=250312501-25022005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=250312501-25022005>John (iptables
newbie)</SPAN></FONT></DIV>
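<DIV><FONT face=Arial size=2>An added example, not part of the original post: a shell sketch of the rule ordering asked about above. iptables walks a chain from top to bottom and the first matching ACCEPT or DROP decides, and -A appends at the end of the chain. The names IPT, ensure_rule and restrict_ssh are assumptions of this example.</FONT></DIV>

```shell
#!/bin/sh
# Added example: allowlist inbound SSH and keep the ACCEPT rules ahead of the DROP.
# IPT (assumed name) is the command used to reach netfilter; point it at a stub
# to preview the calls without touching the live firewall.
IPT="${IPT:-iptables}"

# ensure_rule top|end <rule-spec...>
# Adds the rule to INPUT only when -C (check) reports it is not there yet.
#   top -> -I INPUT 1 : inserted as the first rule, so it is ahead of any DROP
#   end -> -A INPUT   : appended as the last rule, after everything already loaded
ensure_rule() {
    mode=$1
    shift
    if $IPT -C INPUT "$@" 2>/dev/null; then
        return 0                      # identical rule already present
    fi
    case $mode in
        top) $IPT -I INPUT 1 "$@" ;;
        end) $IPT -A INPUT "$@" ;;
        *)   return 2 ;;
    esac
}

# restrict_ssh <source-ip>...
# Safe to re-run with extra addresses: new ACCEPT rules go to the top of the
# chain, so they still sit ahead of a DROP that an earlier run appended.
restrict_ssh() {
    for src in "$@"; do
        ensure_rule top -s "$src" -p tcp --dport ssh -j ACCEPT
    done
    # --dport is only accepted once a protocol such as -p tcp has been given.
    ensure_rule end -p tcp --dport ssh -j DROP
}

# Usage (as root):   restrict_ssh 1.1.1.1 2.2.2.2
# Review the order:  iptables -L INPUT -n --line-numbers
```

Run it from a console session or keep an existing SSH session open until the listing shows the ACCEPT lines above the DROP.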
<DIV> </DIV></BODY></HTML>