Stealthing Port 22 in iptables

Roger Grosswiler roger at gwch.net
Thu Apr 28 05:54:42 UTC 2005


Hi,

Is this correct, that those rules just open port 22 for IP address 
192.168.3.1 or 192.168.2.0/24, so only these IP address(es) can access 
ssh-services and the rest sees it as blocked?

iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.3.1 --dport 22 -j ACCEPT

Would this open it for a whole subnet 192.168.2.0/24?

iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.2.0/24 --dport 22 -j ACCEPT


...and does a combination of both work? Can I only start this with an 
additional shell script, as, if I called system-config-securitylevel, 
it would overwrite this config?

This would be a good idea, having 'stealth port' clicked in 
system-config-securitylevel too...

Thanks a lot,
Roger
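
An added example, not part of the original post and not Fedora's own code: a small first-match model of the chain that shows how the two source-restricted rules from the message combine, and how the verdict for every other source depends on the rule that follows them. The catch-all rule, its REJECT or DROP target, the `append` switch and the sample source addresses are constructed assumptions.

```python
import ipaddress

# Added illustration: first-match evaluation for NEW TCP packets only.
# A rule is (source network or None for any, dport or None for any, target).
SSH_RULES = [
    ("192.168.3.1", 22, "ACCEPT"),     # -s 192.168.3.1 --dport 22 -j ACCEPT
    ("192.168.2.0/24", 22, "ACCEPT"),  # -s 192.168.2.0/24 --dport 22 -j ACCEPT
]

def build_chain(final_target, append=False):
    """Place the SSH rules before (insert) or after (append, like -A) a
    catch-all rule. The catch-all is an assumption about the chain."""
    catch_all = [(None, None, final_target)]
    return catch_all + SSH_RULES if append else SSH_RULES + catch_all

def verdict(chain, src, dport=22):
    """Return the target of the first matching rule."""
    addr = ipaddress.ip_address(src)
    for net, port, target in chain:
        if net is not None and addr not in ipaddress.ip_network(net):
            continue
        if port is not None and port != dport:
            continue
        return target
    return "RETURN"  # user-defined chain: no match returns to the caller

# Constructed sample sources
SAMPLES = ["192.168.3.1", "192.168.2.77", "192.168.3.2", "10.0.0.5"]

def ssh_verdicts(chain):
    return {src: verdict(chain, src) for src in SAMPLES}

if __name__ == "__main__":
    for label, chain in [
        ("rules before catch-all REJECT", build_chain("REJECT")),
        ("rules before catch-all DROP", build_chain("DROP")),
        ("rules appended after catch-all REJECT", build_chain("REJECT", append=True)),
    ]:
        print(label, ssh_verdicts(chain))
```

A REJECT target answers the sender with an error, while DROP sends nothing back, which is the behaviour port scanners report as "stealth". `iptables -L RH-Firewall-1-INPUT -n --line-numbers` shows where appended rules actually landed relative to any catch-all rule.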
