In Linux, ipsets are structures inside kernel space that can be used to tidy up long lists of iptables rules and increase performance. They support a number of content types, but we will be looking at the two most basic and commonly useful: IP addresses and networks.

We frequently find ourselves (at least I have) managing growing lists of iptables rules that show no sign of finalizing. For example: a remotely hosted server that initially only needed ssh access from one or two addresses, but ends up supporting dozens over time.

We might start with a FILTER INPUT chain that contains something like:

    -A INPUT -s MAIN_OFFICE_IP/32 -i eth0 -p tcp --dport 22 -m comment --comment "accept ssh from the main office" -j ACCEPT
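An added example, not part of the original post: a script that turns a growing list of allowed ssh sources into an `ipset restore` file and the single iptables rule that replaces the per-address rules. The set name `ssh_allowed`, the function names and the sample addresses are assumptions, and one `hash:net` set is used to hold both single addresses and networks.

```shell
#!/bin/sh
# Added example: print an `ipset restore` script and the one iptables rule
# that replaces a list of per-source ssh ACCEPT rules. It only prints text;
# nothing is loaded into the kernel.

# Constructed sample input (RFC 5737 documentation addresses), with a
# comment line, a redundant /32 and a duplicate to show the clean-up.
SSH_SOURCES='198.51.100.10
203.0.113.0/24
# remote contractor
192.0.2.77/32
198.51.100.10'

# gen_ipset_restore SETNAME < entries
# Fills a temporary set, then swaps it in, so the live set is never empty.
gen_ipset_restore() {
    set_name=$1
    tmp_name="${set_name}-tmp"
    # hash:net stores networks; a bare address is treated as a /32 host.
    printf 'create %s hash:net family inet\n' "$set_name"
    printf 'create %s hash:net family inet\n' "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' -e 's|/32$||' |
        sort -u |
        while IFS= read -r entry; do
            case $entry in
                # Character filter only; ipset does the real validation.
                *[!0-9./]*) echo "skipping invalid entry: $entry" >&2 ;;
                *) printf 'add %s %s\n' "$tmp_name" "$entry" ;;
            esac
        done
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# gen_iptables_rule SETNAME: the single rule, in iptables-save syntax.
gen_iptables_rule() {
    printf '%s\n' "-A INPUT -i eth0 -p tcp --dport 22 -m set --match-set $1 src -m comment --comment \"accept ssh from set $1\" -j ACCEPT"
}

# Load the first output with: ipset -exist restore < file
printf '%s\n' "$SSH_SOURCES" | gen_ipset_restore ssh_allowed
gen_iptables_rule ssh_allowed
```

Adding or removing a source later means editing the list and reloading the set; the iptables rule itself does not change.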