13,420
edits
Changes
no edit summary
# Make a backup of the original default rules: <source lang='bash'>cp /etc/sysconfig/iptables /etc/sysconfig/iptables.original</source>
# Stop libvirtd and restart iptables so that you have only the minimal default rules.
# Use the ifconfig or ip address command to determine the IP ADDRESS of your external facing address (i.e. IP address beginning with 10.x.x.x).
#H Find a partner to ping your external facing IP address. Was your partner successful? (it should have worked)
# Change the '''default policy''' on the '''INPUT''' and '''FORWARD''' chains in the filter table to '''DROP'''.
# Remove the rules from the '''INPUT''' and '''FORWARD''' chains (if any) that are '''rejecting''' all traffic (we are now better protected by the ''default policy'').<br><br>We will now create a new chain in order to create rules just relating to the '''ssh''' service:<br><br>
# Create a new chain named '''MYSSH''' in the filter table. Refer to notes or other resources to learn now to name a chain.
# Add a rule to the '''INPUT''' chain of your filter table that sends all '''ssh''' traffic to your '''MYSSH''' chain. '''Make sure this new rule follows (not preceeds) the RELATED,ESTABLISHED rule, so it doesn't apply to existing connections.!'''
#* '''Note:''' Use '''--jump''' or '''-j''' (<u>not</u> -g or --goto) to move to a target.
# Add a rule to your '''MYSSH''' chain to accept all traffic on your virtual interface from '''192.168.X.0/24''' (i.e. your internal network).