Networking Forums


I need to allow to login to Linux pc from particular IP addr only - Can I do that with IPtables command?

 
 
GS
Guest
Posts: n/a

 
      01-28-2006, 06:30 PM
I have a Linux machine at home, which I need to access remotely. I need
to allow login to the Linux PC from a particular IP address only. Can I do
that with the iptables command?

 
Reply With Quote
 
 
 
 
d
Guest
Posts: n/a

 
      01-28-2006, 11:02 PM
This web page might give you some ideas.

http://www.itc.virginia.edu/unixsys/sec/hosts.html

 
Reply With Quote
 
Robert
Guest
Posts: n/a

 
      01-29-2006, 03:09 AM
On Sat, 28 Jan 2006 11:30:45 -0800, GS wrote:

> I have a Linux machine at home, which I need to access remotely. I need
> to allow login to the Linux PC from a particular IP address only. Can I do
> that with the iptables command?


Sure. What kind of login are you thinking of? SSH? Telnet? HTTP?
HTTPS?


--

Regards
Robert

Smile... it increases your face value!


 
Reply With Quote
 
Allen McIntosh
Guest
Posts: n/a

 
      01-29-2006, 03:02 PM
d wrote:
> This web page might give you some ideas.
>
> http://www.itc.virginia.edu/unixsys/sec/hosts.html
>


Blocking with hosts.deny can be much too late if someone is exploiting a
security hole. (e.g. the SSH V1 exploit from a few years back.) My
personal take on this is:
1) Only allow SSH through my hardware firewall. Nothing else. No
telnet, rlogin, ftp, ...
2) Only allow SSH V2.
3) Use iptables to restrict access. (Before I did this, the number of
break-in attempts was scary.) Here is the relevant fragment:

-A INPUT -p tcp -m tcp --dport 22 --syn -j ssh-rules
# SSH rules.
-A ssh-rules -s 192.168.1.0/24 -j ACCEPT
-A ssh-rules -j DROP

Without a hardware firewall I would be much tougher on SYN packets.
 
Reply With Quote
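
The fragment in the post above is in iptables-save syntax; to load it with iptables-restore, the ssh-rules chain has to be declared and the table committed. The script below is an added example, not part of any post in this thread: it builds such a ruleset from an allow-list and refuses malformed entries before anything is printed. The function names and the address 203.0.113.7 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. 203.0.113.7 is a constructed address.

# valid_source ADDR: succeed only for a dotted quad with an optional /0-/32.
valid_source() {
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;   # digits, dots, at most one slash
    esac
    ip=${1%%/*}
    bits=32
    case $1 in */*) bits=${1#*/} ;; esac
    case $bits in ''|*.*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $ip in ''|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip                              # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        if [ ${#octet} -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# ssh_ruleset SRC...: print an iptables-restore ruleset on stdout, or fail
# without printing anything when any source is malformed.
ssh_ruleset() {
    [ $# -gt 0 ] || { echo "ssh_ruleset: no sources" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "ssh_ruleset: bad source: $src" >&2; return 1; }
    done
    # Chain declaration plus the jump rule from the post above.
    printf '%s\n' '*filter' ':ssh-rules - [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 --syn -j ssh-rules'
    for src in "$@"; do
        printf '%s\n' "-A ssh-rules -s $src -j ACCEPT"
    done
    # Everything not accepted above is dropped.
    printf '%s\n' '-A ssh-rules -j DROP' 'COMMIT'
}

ssh_ruleset 192.168.1.0/24 203.0.113.7
```

Piping the output through `iptables-restore --test` parses it without committing. Without `--noflush`, loading it replaces the existing filter table.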
 
GS
Guest
Posts: n/a

 
      01-29-2006, 06:12 PM
I do telnet and ssh (both). If I add my outside host's IP address in
hosts.allow, will it be OK? I don't know how to log in using http. Can
I do it with http just like I do with ssh/telnet? Thanks.

 
Reply With Quote
 
Bit Twister
Guest
Posts: n/a

 
      01-29-2006, 07:29 PM
On 29 Jan 2006 11:12:23 -0800, GS wrote:
> I do telnet


I hope you know the telnet login ID and password are passed as clear text.
I suggest just using ssh, which also allows you to run GUI applications
on your box with the display sent back to your box.

> and ssh (both). If I add my outside host's IP address in
> hosts.allow, will it be OK?


If /etc/hosts.deny has
ALL: ALL: <==== followed by a carriage return.

It would be even better if you poke a hole in your firewall which
allows only your ip address through for ssh.


 
Reply With Quote
 
Pascal Bourguignon
Guest
Posts: n/a

 
      01-29-2006, 08:24 PM
"GS" <(E-Mail Removed)> writes:

> I do telnet and ssh (both). If I add my outside host's IP address in
> hosts.allow, will it be OK? I don't know how to log in using http. Can
> I do it with http just like I do with ssh/telnet? Thanks.


With HTTP, you generally type your URL in a browser, e.g.:

lynx http://your.host/

You can also use telnet to "log in" to your HTTP server:

telnet your.host 80


--
__Pascal Bourguignon__ http://www.informatimago.com/

NOTE: The most fundamental particles in this product are held
together by a "gluing" force about which little is currently known
and whose adhesive power can therefore not be permanently
guaranteed.
 
Reply With Quote
 
GS
Guest
Posts: n/a

 
      01-29-2006, 10:56 PM
I looked into this page; it tells me to add an entry into the /etc/hosts.all
and hosts.deny files.

If I add just the IP address of the external PC in the /etc/hosts.allow
file, will it be OK?

 
Reply With Quote
 
Bit Twister
Guest
Posts: n/a

 
      01-29-2006, 11:08 PM
On 29 Jan 2006 15:56:36 -0800, GS wrote:
> I looked into this page; it tells me to add an entry into the /etc/hosts.all
> and hosts.deny files.


You put
ALL: ALL
in /etc/hosts.deny

And in /etc/hosts.allow
sshd: 68.192.220.199

> If I add just the IP address of the external PC in the /etc/hosts.allow
> file, will it be OK?


I assume you have a carriage return after each line and the firewall does not
block you.

For extra points, try doing a

man hosts.allow
man hosts.deny


 
Reply With Quote
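
How the two files from the post above combine, shown as an added example that is not part of the thread: a simplified model of the hosts_access(5) decision order (hosts.allow first, then hosts.deny, otherwise allowed). It handles only the ALL, exact-match and trailing-dot address-prefix patterns; the function names, the in.telnetd daemon name and the address 203.0.113.9 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: hosts_access(5) decision order.
# Handles three pattern forms only: ALL, exact string, address prefix "a.b.c.".

# list_matches LIST ITEM: succeed if ITEM matches a pattern in LIST.
list_matches() {
    item=$2
    set -f                                # keep patterns from glob-expanding
    set -- $(printf '%s' "$1" | tr ',' ' ')
    set +f
    for pat in "$@"; do
        case $pat in
            ALL) return 0 ;;
            *.)  case $item in "$pat"*) return 0 ;; esac ;;
            *)   if [ "$pat" = "$item" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# file_matches TEXT DAEMON CLIENT: succeed if a "daemons: clients" line matches.
file_matches() {
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac   # skip blanks and comments
        if list_matches "$daemons" "$2" && list_matches "$clients" "$3"; then
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# access ALLOW_TEXT DENY_TEXT DAEMON CLIENT: print "allow" or "deny".
access() {
    if file_matches "$1" "$3" "$4"; then echo allow     # hosts.allow wins
    elif file_matches "$2" "$3" "$4"; then echo deny    # then hosts.deny
    else echo allow                                     # no match: allowed
    fi
}

ALLOW='sshd: 68.192.220.199'    # hosts.allow entry from the post above
DENY='ALL: ALL'                 # hosts.deny entry from the post above
access "$ALLOW" "$DENY" sshd 68.192.220.199
access "$ALLOW" "$DENY" sshd 203.0.113.9      # constructed address
access "$ALLOW" ""      sshd 203.0.113.9      # empty hosts.deny
```

The last call shows that the hosts.allow entry alone restricts nothing; the `ALL: ALL` line in hosts.deny is what closes the default. OpenSSH removed TCP wrappers support in release 6.7, so an sshd built without a distribution patch ignores both files.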
 
 
 