www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

SSH only from specified MAC

 
www.zeroshell.org Forum Index -> Firewall, Traffic Shaping and Net Balancer
kem



Joined: 07 Jun 2011
Posts: 5

Posted: Fri Jun 17, 2011 3:02 pm    Post subject: SSH only from specified MAC

Hello,

How can I set Zeroshell to drop all incoming SSH connections but accept connections only from a specified MAC address?

Now, on regular iptables:

iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

will resolve the problem, but it does not work if, on SETUP->SSH, eth1 (WAN) is not set to accept connections on port 22. The iptables output looks like:

Code:
root@head root> iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
SYS_INPUT  all  --  anywhere             anywhere
SYS_HTTPS  tcp  --  anywhere             anywhere            tcp dpt:http
SYS_HTTPS  tcp  --  anywhere             anywhere            tcp dpt:https
SYS_SSH    tcp  --  *             *            tcp dpt:ssh   !!!!!!!!!  *** !!!!!!!!!!!

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh MAC 00:30:05:D0:A5:CE


Even if I set "sequence to 1" on the firewall, the rules will be added under the line marked with !!!!!!!!! *** !!!!!!!, so it will not work!

All suggestions are welcome, thank you!
AtroposX



Joined: 26 Nov 2008
Posts: 155
Location: USA

Posted: Fri Jun 17, 2011 8:08 pm    Post subject:

Just putting it out there, haven't tried it though...

Turn off SSH access in the setup, then add the firewall rule as rule #1. That way it will be on top, just a guess.
kem



Joined: 07 Jun 2011
Posts: 5

Posted: Sun Jun 19, 2011 5:12 pm    Post subject:

If you add a rule as rule #1, it will be under the SSH rule, not on top!

If I use the shell:

iptables -I INPUT -p tcp --destination-port 22 -m mac --mac-source 00:30:05:d0:xx:xx -j ACCEPT

it will be on top, but it is still not working... strange!
suzanmarvel



Joined: 08 Oct 2011
Posts: 1

Posted: Sat Oct 08, 2011 9:21 am    Post subject:

I have just started ZeroShell and the console displays the commands menu, but I am actually not getting how to connect to the web interface to configure it? Help will be appreciated.


JC



Joined: 21 Apr 2008
Posts: 89

Posted: Thu Dec 15, 2011 3:18 pm    Post subject:

@kem: Is the PC that you want to connect to SSH on the same network segment as the ZS box? Does the connection go through any routers before connecting to the ZS box? If there is even 1 router between the PC and ZS, then the MAC IDs are different, but under the SSH setup you can limit the IPs and interface for connection.

@suzanmarvel: You need to use a PC on your network connecting to the IP displayed on the CLI screen, 192.168.0.75 by default, that is in front of you.
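An added example, not part of any post above: a read-only check of the two things this thread turns on, namely where the MAC ACCEPT rule sits relative to the SYS_SSH jump, and which MAC the firewall actually sees for the client's IP. It assumes `iptables -S INPUT` and `ip neigh show` are available on the box; the function names, sample rules and neighbour entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed input formats:
# `iptables -S INPUT` for the rules, `ip neigh show` for the neighbour table.

# Constructed sample mirroring the listing in the first post.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -j SYS_INPUT
-A INPUT -p tcp -m tcp --dport 80 -j SYS_HTTPS
-A INPUT -p tcp -m tcp --dport 443 -j SYS_HTTPS
-A INPUT -p tcp -m tcp --dport 22 -j SYS_SSH
-A INPUT -p tcp -m tcp --dport 22 -m mac --mac-source 00:30:05:D0:A5:CE -j ACCEPT
EOF
}

# Constructed neighbour table: only directly attached hosts have an entry.
sample_neigh() {
cat <<'EOF'
192.168.0.10 dev eth0 lladdr 00:30:05:d0:a5:ce REACHABLE
192.168.0.1 dev eth0 lladdr 00:11:22:33:44:55 STALE
EOF
}

# Position of the MAC ACCEPT rule relative to the SYS_SSH jump (rules on stdin).
# Only SYS_SSH is compared; earlier jumps such as SYS_INPUT are not inspected.
ssh_rule_order() {
    awk -v mac="$1" '
        BEGIN { mac = toupper(mac) }
        /^-A INPUT / {
            n++
            if (!sys && $0 ~ /-j SYS_SSH/) sys = n
            if (!m && $0 ~ /-j ACCEPT/ && toupper($0) ~ ("--MAC-SOURCE " mac)) m = n
        }
        END {
            if (!m) v = "mac-rule-missing"
            else if (sys && sys < m) v = "mac-rule-after-SYS_SSH"
            else v = "mac-rule-first"
            printf "mac=%d sys_ssh=%d verdict=%s\n", m, sys, v
        }'
}

# MAC the firewall sees for a client IP (neighbour table on stdin). Empty output
# means no neighbour entry, as for a client that reaches the box through a router.
mac_seen_for() {
    awk -v ip="$1" '$1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") print toupper($(i + 1)) }'
}

sample_rules | ssh_rule_order 00:30:05:D0:A5:CE
sample_neigh | mac_seen_for 192.168.0.10
```

On a live box the same functions can be fed with `iptables -S INPUT | ssh_rule_order <mac>` and `ip neigh show | mac_seen_for <client-ip>`.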