On 8/10/06, James <[EMAIL PROTECTED]> wrote:
> I need a rule on the 3 (nic) interface firewall so that only
> ssh from the LAN is allowed to the firewall or systems (web
> server, mail, dns) in the DMZ. Only one static ip is routable
> to this site. SSH from the outside should be completely blocked.
> Any ideas, examples or thoughts?
Just a guess, as I haven't tried this:
---
IF_INTERNET=eth0
IF_DMZ=eth1
IF_LAN=eth2
# allow ssh connections from LAN to us
iptables -A INPUT -i $IF_LAN -p tcp --dport 22 -j ACCEPT
# allow routing of ssh connections from LAN to DMZ hosts
iptables -A FORWARD -i $IF_LAN -o $IF_DMZ -p tcp --dport 22 -j ACCEPT
# deny all other ssh connections
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A FORWARD -p tcp --dport 22 -j DROP
---
HTH,
-Richard
--
gentoo-user@gentoo.org mailing list
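As an added example (not part of Richard's reply or the list archive), here is a stateful variant of the same policy. It keeps Richard's interface names, assumes a LAN prefix of 192.168.1.0/24 (adjust to the site), and adds three things a defender usually wants: an ESTABLISHED,RELATED accept first so DMZ replies to LAN sessions are never caught by the drops, a source-address match so a packet arriving on the LAN NIC with a non-LAN address is not trusted, and a rate-limited LOG so blocked ssh attempts from the Internet side show up in syslog. By default the script only prints the rules; set APPLY=1 to run iptables for real.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Interface names follow Richard's reply; LAN_NET is an assumed value.
IF_INTERNET=eth0
IF_DMZ=eth1
IF_LAN=eth2
LAN_NET=192.168.1.0/24   # assumed LAN prefix, change for your site

# APPLY=1 runs iptables; anything else prints the rules (dry run).
if [ "${APPLY:-0}" = 1 ]; then IPT=iptables; else IPT=echo; fi

ssh_rules() {
    # 1. Replies to accepted sessions pass first, so the DMZ host's answers
    #    to a LAN ssh session are never matched by the port-22 drops below.
    $IPT -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. New ssh sessions are accepted only on the LAN NIC *and* only with a
    #    LAN source address, to the firewall itself and to the DMZ.
    $IPT -A INPUT   -i "$IF_LAN" -s "$LAN_NET" -p tcp --dport 22 \
         -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i "$IF_LAN" -o "$IF_DMZ" -s "$LAN_NET" -p tcp --dport 22 \
         -m conntrack --ctstate NEW -j ACCEPT

    # 3. Every other ssh packet is dropped, whichever NIC it came in on.
    #    A rate-limited log line keeps outside attempts visible in syslog.
    $IPT -A INPUT   -p tcp --dport 22 -m limit --limit 5/min \
         -j LOG --log-prefix "ssh-drop: "
    $IPT -A INPUT   -p tcp --dport 22 -j DROP
    $IPT -A FORWARD -p tcp --dport 22 -j DROP
}

# Print the rules without touching the kernel (runs in a subshell).
dry_run() {
    ( IPT=echo; ssh_rules )
}

# Number of rules that match on the Internet NIC. Expected 0: the policy is
# "allow from LAN, drop everything else", so eth0 never needs naming.
internet_nic_rule_count() {
    dry_run | grep -c -- "-i $IF_INTERNET" || true
}

ssh_rules
```

Rule order matters: the ESTABLISHED,RELATED accepts must sit above the drops, and all of these must come before any catch-all ACCEPT the rest of the firewall script adds. Non-ssh traffic is left to the chain's default policy, exactly as in Richard's version.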