
I'm new to Ubuntu.

I have a dev test server at home, and we are working on it with a friend.

We use SSH, FTP, and also some ports for mail, web, etc.

I want to allow only the IPs from where we are working on this server:

  • Local network
  • IP from my office
  • IP from my friend
  • IP from my friend's office (we work on the server from the office for testing too)

I've checked the logs and I see a lot of attempts; some people try to log in as root, which is why I want to allow only my friend and me to log in. But as it's a web server, we must keep the web and mail ports open for incoming connections.

Not sure if I explained this well. How can I do that? I already tried iptables with no luck; there are still a lot of incoming connections and attempts to log in as root.

Can you please let me know how I can proceed easily?

Thanks and best regards, GP

gprime
  • Can you post the output of sudo iptables -L (it will list all of your current iptables rules)? – captainGeech Aug 20 '17 at 14:34
  • Thanks for your reply :-) iptables -L:

        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        DROP       all  --  58.218.198.145       anywhere

        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination

        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination

    As you can see, I already tried to block an IP... because I saw more than 65000 attempts to connect as root.

    – gprime Aug 21 '17 at 11:30

1 Answer


For your scenario you need to set up iptables rules for this. You can also use firewalld, which is a rich command for managing the firewall in Linux. I'll explain iptables here.

Iptables is for IPv4/IPv6 packet filtering in the Linux kernel. In iptables there are three default tables, each of which contains three default chains:

  1. INPUT
  2. OUTPUT
  3. FORWARD

The iptables command is followed by different options. For your scenario, as an example, you need to write the following commands:

# accept new and established SSH connections (TCP port 22) from x.x.x.x only
$ iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -s x.x.x.x -j ACCEPT
# drop every other incoming packet (this must come after all ACCEPT rules)
$ iptables -A INPUT -j DROP

These commands only accept SSH connections on port 22 from IP x.x.x.x, and every other incoming packet will be dropped. You can do this for any IP and any ports you want the server to answer on. For incoming packets whose state you don't know, use RELATED and INVALID in --state.

You should note that iptables evaluates rules in sequential order. As an example, if you block everything and then accept some, you won't get any result, because once an incoming packet matches a rule, the other rules are not considered.

  • Thanks for your reply. I added the IP from my local computer + from my office for the moment. Now I see that the hackers' connection attempts are in the SYN_SENT state, so it works! Now, if I want to add more IPs to allow for SSH, can I run iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -s x.x.x.x -j ACCEPT again? Even if I already set iptables -A INPUT -j DROP? – gprime Aug 21 '17 at 11:38
  • You're welcome. So delete the last line, which should be your DROP action. You can find the line number with iptables -L --line-numbers, then delete it with iptables -D INPUT line-number. After that, add the other IPs you want with the -A option. Once you have entered all the rules, add the DROP action again. – Ali Ghasempour Aug 21 '17 at 13:09
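As an added example (not the answer's own commands nor anything the asker posted), here is a POSIX sh script that generates a complete ruleset in iptables-restore format for the scenario in the question: SSH (and the FTP control port) only from an allow-list, web and mail ports open to everyone, loopback and already-established traffic accepted, and everything else dropped by the INPUT chain's default policy. The addresses in SSH_ALLOW and the port lists are constructed placeholders. Because iptables-restore replaces the whole table at once, adding another address means editing the list and re-running the script instead of deleting and re-adding the final DROP rule by line number, as discussed in the comments above.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset from an allow-list.
# Not from the question or the answer; placeholders below are constructed.
set -eu

# Hosts allowed to open SSH/FTP sessions. Constructed placeholders:
# replace with your LAN range, your office, your friend and their office.
SSH_ALLOW="192.168.1.0/24 203.0.113.10 198.51.100.25 198.51.100.77"

# Ports anyone may reach (web and mail), as the question requires.
PUBLIC_TCP="80 443 25 587 993"

# Emit the whole filter table. The INPUT policy is DROP, so no trailing
# "-A INPUT -j DROP" is needed and rule order between the ACCEPTs does
# not matter; only the early ESTABLISHED/INVALID rules must come first.
build_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to connections the server already has.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Packets that belong to no known connection are dropped outright.
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # New SSH and FTP-control sessions only from the allow-list.
    # (Passive FTP data channels additionally need the nf_conntrack_ftp
    # helper so that they show up as RELATED.)
    for ip in $SSH_ALLOW; do
        echo "-A INPUT -p tcp -s $ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
        echo "-A INPUT -p tcp -s $ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Web and mail stay reachable from anywhere.
    for port in $PUBLIC_TCP; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Keep a rate-limited trace of what the policy drops, so the login
    # attempts from the question remain visible in the kernel log.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
    echo 'COMMIT'
}

# Sanity check: how many ACCEPT rules open a given TCP port?
count_port_accepts() {
    build_rules | grep -c -- "--dport $1 .*-j ACCEPT" || true
}

case "${1:-}" in
    --print) build_rules ;;
    --apply) build_rules | iptables-restore ;;
esac
```

Run `sh fw.sh --print` to review the generated rules, and `sudo sh fw.sh --apply` from a session you can still reach (a console, or after saving the current rules with `iptables-save`) to load them: a typo in SSH_ALLOW locks you out of SSH, since nothing else in the ruleset admits it.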