Results 1 to 5 of 5
I was reading a site about firewalls and SSH. They : iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p udp --sport 22 -j ACCEPT I ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-17-2007 #1
firewall and SSH , also ftp user question
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p udp --sport 22 -j ACCEPT
I am looking on google.... I guess I have the udp port out open since it is related and established . (?) ( I know you don't have my script for the firewall but if you know the principle )
but is that right? Where is the info on the return path for SSH? I can not find information on the protocol.
using vsftp, can I have both anon and user accounts at the same time but have seperate directories as default for each?
It would be on my web server where I want to have a restricted user access to update the web page and I want to allow anon ftp for at least downloads but have them charoot jailed in the ftp folder while letting the restricted user the ability to go both places.
So far it seems only one user can "own" the service so I either lock the restricted in the ftp folder or the restricted cannot log in because it is anon set up.
Suse install with a path such:
- 02-17-2007 #2
- Join Date
- Oct 2006
what error do you get when trying to SSH to your computer?
SSH outbound should be tcp as well--Erik
- 02-18-2007 #3
Thank you for the reply
I get no error myself, I have just been Googleing firewalls and such when I noticed that sites rules for SSH. It is part of what makes this so hard, you never know if the info is accurate or, worse than a blind alley.
Looking further, I wonder, assume, figgure, it must be that SSH can also be used over udp as well like ftp, just not the best way if you want to depend on what you are doing.
I wrote my firewall a few months ago and I keep looking to make sure it is as good ( not just secure ) as it can be. If there is needed information over udp for ssh and I was missing it, slowing the progress down, I wanted to correct that.
I have searched so many sites and forums and books to get answers. Almost none of them "have it all". The last site I was on about DNS kinda missed telling the part about setting up zone files. The book I got, been good one so far "Linux Quick Fix Notebook" also shows view internal and view external sections for named.conf, one key aspect I really need. Have not seen that on many sites at all.
- 02-19-2007 #4
- Join Date
- Oct 2006
i would think that minimal is better, so i would personally block 22 UDP. actually, block in all, which you are probably doing. ive only written pf.conf's for OpenBSD.--Erik
- 02-19-2007 #5
Thank you, I agree about UDP. I sat down to retrace my steps. My default filter rules are drop, I have to accept what traffic I want, UDP 22 is not accepted.