Ssh – iptables – allow connections only from LAN

iptableslocal-area-networksshwide-area-network

Is there a way to deny all external traffic (WAN) to SSH and allow only local traffic (192.168.0.1 to 192.168.0.255) and what would be the rule?

Best Answer

iptables -A INPUT -p tcp -m state --state NEW --source 192.168.0.1/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

Related Solutions

Iptables – only allow LAN connections to server

Suppose your LAN is 192.168.2.0/24. Run

sudo ufw enable
sudo ufw allow from 192.168.2.0/24

It seems that that by default ufw allows outbound so this would not affect your ability to download files from the Internet. After these commands are executed run sudo iptables -L -v -n and post the output and I'll tell you for certain.

See https://help.ubuntu.com/10.04/serverguide/C/firewall.html and http://manpages.ubuntu.com/manpages/lucid/en/man8/ufw.8.html for more info.

Iptables – Only Allow Localhost Access

If by service you mean a specific port, then the following two lines should work. Change the "25" to whatever port you're trying to restrict.

iptables -A INPUT -p tcp -s localhost --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP

Best Answer

Related Solutions

Iptables – only allow LAN connections to server

Iptables – Only Allow Localhost Access

Related Topic