restrict SSH to some IPs

Posted: 20 Mar 2008, 15:27
by wdt
Is it possible to configure in csf a list of IPs that are allowed to access SSH and block all the others? I think this is better than changing the SSH port.

In my old iptables script I have a line like this:

-A INPUT -s x.x.x.x -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

Thanks for your great firewall!

Posted: 20 Mar 2008, 16:10
by chirpy
Yes. Remove port 22 from the TCP_IN list and then add to csf.allow the IPs you want to allow access using the advanced port configuration. For example, to allow 11.22.33.44 and 11.22.33.55, add to csf.allow:

tcp:in:d=22:s=11.22.33.44
tcp:in:d=22:s=11.22.33.55


Then restart csf. Make sure your connected IP address is listed, otherwise you'll be locked out!
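
A pre-flight check for the steps in the reply above, as an added example that is not part of the original thread or of csf itself: it confirms that port 22 is gone from TCP_IN and that your own IP has an allow rule before csf is restarted. The function names and the sample files are constructed for illustration; matching is on exact IPv4 addresses only.

```sh
#!/bin/sh
# Added example: lockout pre-flight for "SSH only from listed IPs" in csf.

# True if port $2 is still open to every IP via TCP_IN in csf.conf $1.
port_in_tcp_in() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    tr ',' '\n' |
    awk -F: -v p="$2" '
        NF == 1 && $1 + 0 == p + 0                    { hit = 1 }  # single port
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { hit = 1 }  # range lo:hi
        END { exit !hit }'
}

# True if csf.allow $1 admits IP $3 to TCP port $2 (exact IP match only).
# Accepts ":" as in the post and "|" (the separator in later csf documentation).
ip_allowed_for_port() {
    awk -v port="$2" -v ip="$3" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and blanks
        $0 == ip { ok = 1 }                       # bare IP entry: all ports allowed
        { n = split($0, f, /[:|]/) }
        n == 4 && f[1] == "tcp" && f[2] == "in" &&
            f[3] == "d=" port && f[4] == "s=" ip { ok = 1 }
        END { exit !ok }' "$1"
}

# $1=csf.conf  $2=csf.allow  $3=IP you are connected from  $4=port (default 22)
preflight() {
    port=${4:-22}
    if port_in_tcp_in "$1" "$port"; then
        echo "OPEN: port $port is still in TCP_IN, any IP can connect"; return 2
    elif [ -n "$3" ] && ip_allowed_for_port "$2" "$port" "$3"; then
        echo "OK: $3 keeps access to port $port"; return 0
    fi
    echo "LOCKOUT: no csf.allow rule lets $3 reach port $port"; return 1
}

# Constructed sample files (not real configuration), then two checks.
dir=$(mktemp -d)
printf 'TCP_IN = "20,21,25,53,80,443,30000:35000"\n' > "$dir/csf.conf"
printf '%s\n' '# SSH admins' 'tcp:in:d=22:s=11.22.33.44' \
    'tcp:in:d=22:s=11.22.33.55' > "$dir/csf.allow"
preflight "$dir/csf.conf" "$dir/csf.allow" 11.22.33.44
preflight "$dir/csf.conf" "$dir/csf.allow" 203.0.113.9 || true
```

On a server, point `preflight` at the real files (usually /etc/csf/csf.conf and /etc/csf/csf.allow, an assumption about the install path) and pass the first field of `$SSH_CONNECTION` as the IP before restarting csf.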

Posted: 23 Mar 2008, 16:53
by wdt
It works fine, thank you!