June 17, 2011 at 3:02 pm #43030 kem Member
How can I set ZeroShell to drop all incoming SSH connections but accept connections only from a specified MAC address?
Now, with regular iptables:
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
will resolve the problem, but it does not work if, under SETUP->SSH, eth1 (WAN) is not set to accept connections on port 22. The iptables output looks like:
root@head root> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
SYS_INPUT all -- anywhere anywhere
SYS_HTTPS tcp -- anywhere anywhere tcp dpt:http
SYS_HTTPS tcp -- anywhere anywhere tcp dpt:https
SYS_SSH tcp -- * * tcp dpt:ssh !!!!!!!!! *** !!!!!!!!!!!
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh MAC 00:30:05:D0:A5:CE
Even if I set “sequence to 1” on the firewall, the rules will be added under the line marked with !!!!!!!!! *** !!!!!!!, so it will not work!
All suggestions are welcome, thank you!
June 17, 2011 at 8:08 pm #51824 AtroposX Member
Just putting it out there, haven’t tried it though…
Turn off SSH access in the setup, then add the firewall rule as rule #1. That way it will be on top, just a guess.
June 19, 2011 at 5:12 pm #51825 kem Member
If you add a rule as rule #1, it will be under the SSH rule, not on top!
If I use the shell:
iptables -I INPUT -p tcp --destination-port 22 -m mac --mac-source 00:30:05:d0:xx:xx -j ACCEPT
it will be on top but still not working… strange!
October 8, 2011 at 9:21 am #51826 suzanmarvel Member
I have just started ZeroShell and the console displays the commands menu, but I am actually not getting how to connect to the web interface to configure it? Help will be appreciated.
December 15, 2011 at 3:18 pm #51827 JC Member
@kem: Is the PC that you want to connect to SSH on the same network segment as the ZS box? Does the connection go through any routers before connecting to the ZS box? If there is even 1 router between the PC and ZS then the MAC IDs are different, but under the SSH setup you can limit the IPs and interface for connection.
@suzanmarvel: You need to use a PC on your network connecting to the IP displayed on the CLI screen, 192.168.0.75 by default, that is in front of you.
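The rule-ordering question raised in this thread, as an added example that is not part of any post: a shell check that reads `iptables -S INPUT` output and reports whether the MAC-restricted SSH ACCEPT is evaluated before or after the `SYS_SSH` jump. The listings are constructed from the chain shown in the first post, the helper name `ssh_mac_rule_order` is hypothetical, and live use assumes an iptables build that supports `-S`.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether the MAC-restricted SSH
# ACCEPT is evaluated before or after the SYS_SSH jump in the INPUT chain.
# Live use, assuming an iptables build that supports -S:
#   iptables -S INPUT | ssh_mac_rule_order 00:30:05:D0:A5:CE

# ssh_mac_rule_order is a hypothetical helper name. $1 = allowed MAC.
# Reads `iptables -S INPUT` text on stdin; prints before, after or missing.
ssh_mac_rule_order() {
    mac=$(printf '%s' "$1" | tr 'a-f' 'A-F')      # compare case-insensitively
    awk -v mac="$mac" '
        /^-A INPUT / {
            n++                                    # rule position in INPUT
            line = toupper($0)
            if (!ssh && line ~ /-J SYS_SSH( |$)/) ssh = n
            if (!acc && line ~ /--DPORT 22( |$)/ && line ~ /-J ACCEPT( |$)/ &&
                index(line, "--MAC-SOURCE " mac)) acc = n
        }
        END {
            if (!acc)                   print "missing"
            else if (!ssh || acc < ssh) print "before"
            else                        print "after"
        }'
}

# Constructed listings modelled on the chain shown in the thread.
POLICY='-P INPUT ACCEPT'
SYS_RULES='-A INPUT -j SYS_INPUT
-A INPUT -p tcp -m tcp --dport 80 -j SYS_HTTPS
-A INPUT -p tcp -m tcp --dport 443 -j SYS_HTTPS
-A INPUT -p tcp -m tcp --dport 22 -j SYS_SSH'
MAC_RULE='-A INPUT -p tcp -m tcp --dport 22 -m mac --mac-source 00:30:05:D0:A5:CE -j ACCEPT'

appended=$(printf '%s\n%s\n%s' "$POLICY" "$SYS_RULES" "$MAC_RULE")  # iptables -A
inserted=$(printf '%s\n%s\n%s' "$POLICY" "$MAC_RULE" "$SYS_RULES")  # iptables -I

for name in appended inserted; do
    eval "rules=\$$name"
    printf '%s: MAC rule is %s SYS_SSH\n' "$name" \
        "$(printf '%s\n' "$rules" | ssh_mac_rule_order 00:30:05:d0:a5:ce)"
done
```

A result of `before` only confirms ordering. The `mac` match compares the source MAC of the frame as it arrives, so, as JC's reply points out, it will not match a client that reaches the box through a router.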