Tuesday, September 4, 2007

Allowing ssh access with iptables.

This post describes how you can allow incoming ssh connections from a certain IP address, using iptables.

First of all, the current list of iptables rules can be viewed with the command
iptables --list

A new rule to allow access from the IP 100.100.100.100 can be appended to this list with the command

sudo iptables -A INPUT -p tcp -s 100.100.100.100 --dport 22 -j ACCEPT

As can be seen from the command above, root access is required to alter the iptables rules.

However, in my case this didn't work, because the rule was appended to the end of the list, which means that it was preceded by a DROP rule that blocked ssh access to all IP addresses that did not explicitly have an ACCEPT rule. So, I had to add the rule further up in the list. This can be achieved with the -I switch.

sudo iptables -I INPUT 11 -p tcp -s 100.100.100.100 --dport 22 -j ACCEPT

In the example above, the rule is inserted at the 11th position in the list.
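
The position to give to -I can be read from the numbered rule listing instead of being guessed. The script below is an added example, not part of the original post: it reads the output of iptables -L INPUT -n --line-numbers, finds the first DROP or REJECT rule that would catch tcp port 22, and prints (without running) the matching insert command. The function names and the sample listing are constructed for illustration, and DROP/REJECT rules with extra matches such as state are conservatively treated as blocking.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints the rule number of the first DROP/REJECT rule in the INPUT chain that
# would catch tcp/22 from any source. Input on stdin is the output of:
#   sudo iptables -L INPUT -n --line-numbers
first_blocking_rule() {
    awk '
        $1 ~ /^[0-9]+$/ && ($2 == "DROP" || $2 == "REJECT") {
            proto_ok = ($3 == "tcp" || $3 == "all" || $3 == "6" || $3 == "0")
            src_any  = ($5 == "0.0.0.0/0")
            # Everything after the destination column is match text, e.g. "tcp dpt:22".
            rest = ""
            for (i = 7; i <= NF; i++) rest = rest " " $i
            # No port match means every port is covered; otherwise require exactly dpt:22.
            port_ok = (rest !~ /dpts?:/ || rest ~ /dpt:22( |$)/)
            if (proto_ok && src_any && port_ok) { print $1; exit }
        }'
}

# Prints (does not run) the command that allows ssh from source address $1.
# Uses -I <pos> when a blocking rule exists; otherwise appending with -A is enough.
allow_ssh_cmd() {
    src=$1
    pos=$(first_blocking_rule)
    if [ -n "$pos" ]; then
        echo "sudo iptables -I INPUT $pos -p tcp -s $src --dport 22 -j ACCEPT"
    else
        echo "sudo iptables -A INPUT -p tcp -s $src --dport 22 -j ACCEPT"
    fi
}

# Constructed sample listing, for illustration only.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
4    ACCEPT     tcp  --  10.0.0.5             0.0.0.0/0            tcp dpt:22
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
6    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
EOF
}

sample_listing | allow_ssh_cmd 100.100.100.100
```

On a live system the listing would be piped in instead of the sample: sudo iptables -L INPUT -n --line-numbers | allow_ssh_cmd 100.100.100.100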

1 comment:

noname said...

No way, man, and all this time I couldn't use iptables... :p