Koozali.org: home of the SME Server

Best way to modify iptable entries

valdis

Best way to modify iptable entries
« on: August 01, 2006, 03:16:36 AM »
TIA to iptable gurus.

Require remote access via ssh.
The issue is that when you open the port you are inundated with attempts to access the system and larger log file entries of login attempts.
To resolve this I require customised ssh by IP address, nothing special.
-A INPUT -s myipaddress -p tcp -m tcp --dport 22 -j ACCEPT

What is the best "sme server" way to achieve this, so that on reboots all is configured correctly?

TIA

raem

Re: Best way to modify iptable entries
« Reply #1 on: August 01, 2006, 09:52:32 AM »
valdis

> What is the best "sme server" way to achieve this, so that on reboots all is configured correctly?

Configure custom templates, see
http://mirror.contribs.org/smeserver/contribs//gordonr/devguide/html/devguide.html#TEMPLATES

In simple terms you create the desired custom template fragment by copying and editing an existing fragment, or making a new one in the ..../templates-custom folder.
Then expand the particular template and the custom template contents will override the standard template and write to the config file.

I believe the template you want for iptables is
/etc/e-smith/templates/etc/rc.d/init.d/masq/....
Make a new one in
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/fragmentname
Expand with
expand-template /etc/rc.d/init.d/masq

Sorry I can't help you with iptable rules or which fragment to use though.
...

valdis

Best way to modify iptable entries
« Reply #2 on: August 02, 2006, 01:10:58 AM »
Thanks for the reply Ray.

Will have a read but as the machine is a live office firewall I will give this a shot when time becomes available.

Regards

raem

Re: Best way to modify iptable entries
« Reply #3 on: August 10, 2006, 01:52:55 PM »
valdis

> Require remote access via ssh.
> Issue being is when you open the port you are inundated with attempts to access the system...

The best way to achieve this is to upgrade to sme7 and then apply the db command to limit access to ssh to certain IPs. Search the forums on ssh for the commands/post.
Alternatively use public/private keys & disable ssh password access.
Also mentioned in the forums numerous times, so search on ssh and public/private keys & for the howto.
...
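
An added example, not part of any post in this thread and not SME Server code: a check that a ruleset in iptables-save format accepts TCP port 22 only from one allowed source, which is what the rule in the first post is meant to achieve. The function name, the sample rulesets and the address 192.0.2.10 are constructed for illustration and do not reflect the actual output of the masq template.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset for SSH exposure.
# Only rules with an explicit "--dport 22" are checked; port ranges,
# multiport matches and catch-all ACCEPT rules are out of scope here.

# audit_ssh ALLOWED_IP   (ruleset on stdin; hypothetical helper name)
# Prints each ACCEPT rule for tcp/22 whose source is not ALLOWED_IP.
# Exit status: 0 = SSH limited to ALLOWED_IP, 1 = exposure found.
audit_ssh() {
    awk -v allowed="$1" '
    /^-A / {
        src = ""; proto = ""; dport = ""; target = ""
        for (i = 1; i < NF; i++) {
            # "! -s addr" means every source except addr, so keep the "!"
            if ($i == "-s") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", src)   # iptables-save writes a host as a.b.c.d/32
        if (proto == "tcp" && dport == "22" && target == "ACCEPT" && src != allowed) {
            print "exposed: " $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: port 22 accepted from any source.
OPEN_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# Constructed sample: port 22 accepted from 192.0.2.10 only.
LIMITED_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

printf '%s\n' "$OPEN_RULES" | audit_ssh 192.0.2.10 || echo "open ruleset: SSH reachable from other sources"
printf '%s\n' "$LIMITED_RULES" | audit_ssh 192.0.2.10 && echo "limited ruleset: SSH restricted to 192.0.2.10"
```

On a live system the input would come from `iptables-save` run as root after the template has been expanded and the firewall reloaded.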