Is it possible to configure in csf a list of IPs that are allowed to access SSH and block all the others? I think this is better than changing the SSH port.
In my old iptables script I have a line like this:
Yes. Remove port 22 from the TCP_IN list and then add to csf.allow the IPs you want to allow access using the advanced port configuration. For example, to allow 11.22.33.44 and 11.22.33.55 add to csf.allow:
tcp:in:d=22:s=11.22.33.44
tcp:in:d=22:s=11.22.33.55
Then restart csf. Make sure your connected IP address is listed, otherwise you'll be locked out!
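A pre-flight check for the lockout warning above, as an added example that is not part of the original posts or of csf itself: it looks in a csf.allow file for a port 22 rule covering the address you are connected from before you restart csf. The function names and the sample file are constructed here; it assumes IPv4 entries in the layout shown in the answer, also accepts `|` as the field separator, and does not evaluate CIDR ranges.

```shell
#!/bin/sh
# Added example: check csf.allow for an SSH rule covering one address.
# Assumption: rules look like the ones in the answer (tcp:in:d=22:s=IP),
# with ":" or "|" between fields. IPv4 only, CIDR entries are not matched.

# Return 0 if FILE has an inbound tcp rule for PORT from IP, or a bare
# IP entry (a plain address in csf.allow is allowed on every port).
ip_allowed_for_port() {
    file=$1 ip=$2 port=$3
    awk -v ip="$ip" -v port="$port" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, blanks
        $0 == "" { next }
        $0 == ip { found = 1; exit }              # bare address entry
        {
            n = split(tolower($0), f, /[:|]/)
            if (n == 4 && f[1] == "tcp" && f[2] == "in" &&
                f[3] == "d=" port && f[4] == "s=" ip) { found = 1; exit }
        }
        END { exit !found }
    ' "$file"
}

# Constructed sample csf.allow content (addresses from the answer above,
# plus one constructed entry that only opens port 80).
sample_allow() {
    printf '%s\n' '# constructed sample' \
        'tcp:in:d=22:s=11.22.33.44' \
        'tcp|in|d=22|s=11.22.33.55 # pipe-separated form' \
        'tcp:in:d=80:s=11.22.33.66'
}

# Run directly inside an SSH session with the path to your csf.allow as $1.
# SSH_CONNECTION is set by sshd; its first field is the client address.
if [ -n "${1:-}" ] && [ -n "${SSH_CONNECTION:-}" ]; then
    client=${SSH_CONNECTION%% *}
    if ip_allowed_for_port "$1" "$client" 22; then
        echo "OK: $client has a port 22 rule in $1"
    else
        echo "STOP: $client is not in $1, do not restart csf yet" >&2
        exit 1
    fi
fi
```

Run it from the SSH session you would lose, after editing csf.allow and before restarting csf.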