SSH only from specified MAC

This topic contains 3 replies, has 0 voices, and was last updated by  kem 7 years, 6 months ago.

  • #43030

    kem
    Member

    hello,

    How can I set ZeroShell to drop all incoming SSH connections but accept connections only from a specified MAC address?

    Now, on regular iptables:

    iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

    will resolve the problem, but it does not work if, under SETUP->SSH, eth1 (WAN) is not set to accept connections on port 22. The iptables output looks like:

    root@head root> iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    SYS_INPUT all -- anywhere anywhere
    SYS_HTTPS tcp -- anywhere anywhere tcp dpt:http
    SYS_HTTPS tcp -- anywhere anywhere tcp dpt:https
    SYS_SSH tcp -- * * tcp dpt:ssh !!!!!!!!! *** !!!!!!!!!!!

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh MAC 00:30:05:D0:A5:CE

    Even if I set “sequence to 1” on the firewall, the rules will be added under the line marked with !!!!!!!!! *** !!!!!!!, so it will not work!

    All suggestions are welcome, thank you!

    #51824

    AtroposX
    Member

    Just putting it out there, haven’t tried it though…

    Turn off SSH access in the setup, then add the firewall rule as rule #1. That way it will be on top, just a guess.

    #51825

    kem
    Member

    If you add a rule as rule #1, it will be under the SSH rule, not on top!

    If I use the shell:

    iptables -I INPUT -p tcp --destination-port 22 -m mac --mac-source 00:30:05:d0:xx:xx -j ACCEPT

    it will be on top but still not working… strange!

    #51826

    suzanmarvel
    Member

    I have just started ZeroShell and the console displays the commands menu, but I am actually not getting how to connect to the web interface to configure it. Help will be appreciated.


    #51827

    JC
    Member

    @kem: Is the PC that you want to connect to SSH on the same network segment as the ZS box? Does the connection go through any routers before connecting to the ZS box? If there is even 1 router between the PC and ZS, then the MAC IDs are different, but under the SSH setup you can limit the IPs and interface for connection.

    @suzanmarvel: you need to use a pc on your network connecting to the ip displayed on the cli screen, 192.168.0.75 by default, that is in front of you.
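
Added example, not written by any poster in this thread and not ZeroShell's own code: a shell helper that prints, without applying, the iptables commands for the rule order discussed above, with the MAC-matched ACCEPT rules inserted at the top of INPUT and a DROP for all other SSH traffic on that interface directly after them. It assumes the client sits on the same layer-2 segment as the firewall (the point JC raises); the function names and the explicit DROP rule are assumptions of this example.

```shell
#!/bin/sh
# Dry-run generator: prints iptables commands, applies nothing.
# Assumptions (not from the thread): function names, the trailing DROP rule,
# and that rules are inserted by position so they sit above any SYS_* jumps.
# Note: a source MAC is only visible on the local segment and can be changed
# by the client, so keep normal SSH authentication in place as well.

# valid_mac MAC -> exit 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# ssh_mac_rules IFACE MAC [MAC...]
# Prints the commands in the order they must be run. Validation happens
# before any output so a bad MAC never yields a partial ruleset.
ssh_mac_rules() {
    iface=$1
    shift
    if [ "$#" -eq 0 ]; then
        echo "no MAC address given" >&2
        return 1
    fi
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
    done
    pos=1
    for mac in "$@"; do
        # -I INPUT <pos> places the rule at that position, ahead of later rules
        echo "iptables -I INPUT $pos -i $iface -p tcp --dport 22 -m mac --mac-source $mac -j ACCEPT"
        pos=$((pos + 1))
    done
    # Everything else arriving for SSH on this interface is dropped
    echo "iptables -I INPUT $pos -i $iface -p tcp --dport 22 -j DROP"
}

# Demo with the interface and MAC address quoted in the first post
ssh_mac_rules eth1 00:0F:EA:91:04:07
```

Review the printed commands and check the resulting order with `iptables -L INPUT -n --line-numbers` after applying them.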
