iptables restrict ssh session by mac address


I see the problem from your output result:

Chain INPUT (policy ACCEPT)

Your system's iptables default INPUT chain policy is ACCEPT; the rules affect only the MAC you entered. So please change the default policy to DROP.

# iptables -P INPUT DROP

Now you can test again. Your computer can be accessed through the allowed MAC only.
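The answer's single command changes the policy, but a DROP policy on its own also discards replies to the session you are logged in from. The script below is an added example, not part of the answer or the original question: it generates the full INPUT ruleset for an SSH MAC allow-list with the policy set to DROP last, and keeps loopback and established connections open. The MAC address, the `conntrack` and `LOG` rules, and the `/sbin/iptables` path are my assumptions; the commands are printed by default and only executed as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example, not from the original answer: build the INPUT ruleset the
# answer describes (SSH allowed only from listed MACs, default policy DROP)
# while keeping loopback and established sessions open so the DROP policy
# does not cut off the session you are typing in. The MAC address and the
# iptables path are constructed placeholders. Prints the commands by default;
# run as root with APPLY=1 to execute them.

IPTABLES=${IPTABLES:-/sbin/iptables}
SSH_PORT=${SSH_PORT:-22}

# Print one iptables invocation, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPTABLES" "$@"
    else
        printf '%s %s\n' "$IPTABLES" "$*"
    fi
}

# Emit the ruleset for the MAC addresses passed as arguments.
ssh_mac_allowlist() {
    # Start from an empty INPUT chain so old rules cannot shadow these.
    run -F INPUT
    # Loopback and already-established flows must keep working; without
    # these two rules a DROP policy also drops replies to the current session.
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # One ACCEPT per allowed MAC, restricted to new SSH connections.
    for mac in "$@"; do
        run -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
            -m mac --mac-source "$mac" -j ACCEPT
    done
    # Rate-limited log of refused SSH attempts, so denials show up in dmesg.
    run -A INPUT -p tcp --dport "$SSH_PORT" -m limit --limit 5/min \
        -j LOG --log-prefix ssh-mac-denied:
    # The fix from the answer, applied last: with the policy at ACCEPT,
    # packets from an unlisted MAC match nothing and are accepted; with DROP
    # they fall through the chain and are discarded.
    run -P INPUT DROP
}

# Demo with a constructed MAC; pass your own addresses as arguments.
if [ $# -eq 0 ]; then
    set -- 00:11:22:33:44:55
fi
ssh_mac_allowlist "$@"
```

Keep a second session open while applying this on a remote host, and note that `-m mac` only sees the source MAC of the last hop: traffic that crosses a router arrives with the router's address, and the comments below are right that a MAC is trivial to change on the client side.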



Updated on September 18, 2022

Comments

  • maneeshshetty
    maneeshshetty over 1 year

    I'm in the process of restricting access to my Linux production box, where ssh access needs to be limited to only a few MAC addresses.

    I followed the instructions outlined in this guide and ran the following two commands:

    /sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
    /sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
    

    root@xxxx:~/#: iptables --list
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere            MAC XX:XX:XX:XX:XX:XX
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh MAC XX:XX:XX:XX:XX:XX
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    

    However, I am still able to access the machine from other MAC addresses. Am I missing any steps to get this configured?

    • xciter
      xciter almost 13 years
      Why would you do it from a MAC address since they can easily be spoofed?
    • maneeshshetty
      maneeshshetty almost 13 years
      So, are there any better options for doing it?
    • mrverrall
      mrverrall almost 13 years
      How about IP address?
    • maneeshshetty
      maneeshshetty almost 13 years
      My IP addresses are leased by a DHCP server for 2 days. So if someone goes on vacation, then it will be a problem for me.
    • maneeshshetty
      maneeshshetty almost 13 years
      Can we do it with the hostname in the hosts.allow file? Any direction?
    • Doug Harris
      Doug Harris almost 13 years
      If your primary goal is limiting access, how about requiring SSH keys and disabling password authentication?
    • xciter
      xciter almost 13 years
      I agree with the previous comment. I also suggest increasing the verification delay for the log-in procedure.
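The last two comments recommend key-only SSH logins instead of MAC filtering. As an added example that is not part of the thread, the script below renders the sshd directives that enforce this and includes a small checker that reads a config the way sshd does: the first occurrence of a keyword wins, keyword matching is case-insensitive, and comment lines are ignored. The sample configs are constructed, and the checker deliberately ignores `Match` blocks and the `Keyword=value` spelling.

```shell
#!/bin/sh
# Added example, not from the original thread: render an sshd hardening
# snippet (key-only logins, limited guessing) and check a config file for
# it using sshd's first-occurrence-wins rule. Sample inputs are constructed.

# Print the hardening directives for a drop-in or sshd_config.
sshd_keys_only_config() {
    cat <<'EOF'
# Key-based logins only; no password or keyboard-interactive fallbacks.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
# Older spelling of the directive above, kept for pre-8.7 servers.
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
# Limit guessing: three tries per connection, 20 s to finish authenticating.
MaxAuthTries 3
LoginGraceTime 20
EOF
}

# Effective value of a keyword in a config file. sshd uses the FIRST
# occurrence, so a later "PasswordAuthentication no" does not override an
# earlier "yes". Prints the value, or "unset" when the keyword is absent.
# Simplification: Match blocks and the "Keyword=value" form are not handled.
effective_value() {
    v=$(awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }' "$1")
    printf '%s\n' "${v:-unset}"
}

# Succeeds only if passwords are off and public keys are not disabled
# (PubkeyAuthentication defaults to yes when unset).
check_keys_only() {
    [ "$(effective_value "$1" PasswordAuthentication)" = "no" ] &&
    [ "$(effective_value "$1" PubkeyAuthentication)" != "no" ]
}

# Demo: show the snippet, then check a constructed config that sets the
# keyword twice, which passes a naive grep but fails the first-wins check.
sshd_keys_only_config
demo=$(mktemp)
printf 'PasswordAuthentication yes\n# PasswordAuthentication no\nPasswordAuthentication no\n' > "$demo"
if check_keys_only "$demo"; then
    echo "constructed config: key-only (unexpected)"
else
    echo "constructed config: password logins still enabled (first value wins)"
fi
rm -f "$demo"
```

On a live host, compare the checker's answer with `sshd -T | grep -i passwordauthentication`, which prints the value the running server actually uses, and restart sshd only after confirming that a key-based login works from a second session.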