Login Node IPTABLES
Iptables firewall for login nodes
- File: /etc/cfm/login/etc/sysconfig/iptables
SSH Port 22 Access only
# UEA Login Node Access - SSH Only
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39177:360228548]
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
Restrict SSH Access to Certain Subnets
# Subnet:
-A INPUT -i eth1 --source 194.74.153.65/255.255.240.0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Another Subnet Example
-A INPUT -i eth1 --source 148.88.134.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Allow certain IP
-A INPUT -i eth1 --source 194.80.35.30 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
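Because iptables stops at the first matching rule, the source-restricted rules only take effect when they replace the open port-22 rule and sit before the eth1 REJECT rule. The added example below (not part of the original page) evaluates the page's INPUT rules in order for a new SSH connection arriving on eth1; the parser handles only the one-argument options used on this page, and 203.0.113.9 is a constructed outside address.

```python
import ipaddress
import shlex

# INPUT rules from the page; {ssh} marks where the port-22 rule(s) go.
TEMPLATE = """{ssh}
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
"""
SSH = "-A INPUT -i eth1 {src}-p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
OPEN = SSH.format(src="")
LIMITED = "\n".join(
    SSH.format(src=f"--source {s} ")
    for s in ("194.74.153.65/255.255.240.0", "148.88.134.0/24", "194.80.35.30"))


def parse_rules(text, chain="INPUT"):
    """Return the chain's -A rules in file order as {option: argument} dicts.
    Assumption: every option takes exactly one argument, as on this page."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) > 2 and tok[:2] == ["-A", chain]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return rules


def verdict(rules, src, iface="eth1", dport="22", policy="ACCEPT"):
    """First-match verdict for a NEW TCP connection; returns (target, rule number)."""
    for n, r in enumerate(rules, 1):
        net = ipaddress.ip_network(r.get("--source", "0.0.0.0/0"), strict=False)
        if (r.get("-i", iface) == iface and r.get("-p", "tcp") == "tcp"
                and r.get("--dport", dport) == dport
                and "NEW" in r.get("--state", "NEW").split(",")
                and ipaddress.ip_address(src) in net):
            return r["-j"], n
    return policy, None  # nothing matched: chain policy applies (:INPUT ACCEPT)


if __name__ == "__main__":
    outside = "203.0.113.9"  # constructed address outside every listed subnet
    for name, ssh in (("open rule only", OPEN),
                      ("open + subnet rules", OPEN + "\n" + LIMITED),
                      ("subnet rules only", LIMITED)):
        print(name, verdict(parse_rules(TEMPLATE.format(ssh=ssh)), outside))
```

The first subnet rule is written with a host address; the mask 255.255.240.0 reduces it to 194.74.144.0/20, so every address from 194.74.144.0 to 194.74.159.255 is admitted.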