SSH only from specified MAC




    How can I set ZeroShell to drop all incoming SSH connections but accept connections only from a specified MAC address?

    Now, on a regular iptables:

    iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

    will resolve the problem, but it does not work if, on SETUP->SSH, eth1 (WAN) is not set to accept connections on port 22. The iptables listing looks like:

    root@head root> iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    SYS_INPUT all -- anywhere anywhere
    SYS_HTTPS tcp -- anywhere anywhere tcp dpt:http
    SYS_HTTPS tcp -- anywhere anywhere tcp dpt:https
    SYS_SSH tcp -- * * tcp dpt:ssh !!!!!!!!! *** !!!!!!!!!!!

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh MAC 00:30:05:D0:A5:CE

    Even if I set “sequence to 1” on the firewall, the rules will be added under the line marked with !!!!!!!!! *** !!!!!!!, so it will not work!

    All suggestions are welcome, thank you!


    Just putting it out there, haven’t tried it though…

    Turn off SSH access in the setup, then add the firewall rule as rule #1. That way it will be on top, just a guess.


    If you add a rule as rule #1, it will be under the SSH rule, not on top!

    If I use the shell:

    iptables -I INPUT -p tcp --destination-port 22 -m mac --mac-source 00:30:05:d0:xx:xx -j ACCEPT

    it will be on top, but still not working... strange!


    I have just started ZeroShell and the console displays the commands menu, but I am actually not getting how to connect to the web interface to configure it? Help will be appreciated.



    @kem: Is the PC that you want to connect to SSH on the same network segment as the ZS box? Does the connection go through any routers before connecting to the ZS box? If there is even 1 router between the PC and ZS, then the MAC IDs are different, but under the SSH setup you can limit the IPs and interface for connection.

    : you need to use a PC on your network connecting to the IP displayed on the CLI screen, by default, that is in front of you.
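
Added example, not part of the thread and not ZeroShell's own code: a shell function that walks an INPUT chain in order and reports which targets get a TCP/22 packet from a given source MAC before the MAC ACCEPT rule does. The rule lines are constructed in `iptables -S` format from the listing in the first post; the contents of the SYS_* chains are not shown on the page, so they are only named, and the second MAC in the demo is a constructed value standing in for a router's address.

```shell
#!/bin/sh
# stdin: `iptables -S INPUT` style lines.  $1: source MAC the packet carries.
# Prints the targets that see a TCP/22 packet before the MAC ACCEPT rule,
# plus "(no-mac-rule)" if no ACCEPT rule for that MAC is ever reached.
rules_before_mac_accept() {
    awk -v mac="$1" '
    BEGIN { mac = toupper(mac); found = 0; out = "" }
    $1 == "-A" && $2 == "INPUT" {
        proto = "all"; dport = ""; src = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(i+1)
            else if ($i == "--mac-source") src = toupper($(i+1))
            else if ($i == "-j") target = $(i+1)
        }
        # Skip rules that cannot match a TCP packet to port 22 from this MAC.
        if (proto != "all" && proto != "tcp") next
        if (dport != "" && dport != "22") next
        if (src != "" && src != mac) next
        if (src == mac && target == "ACCEPT") { found = 1; exit }
        out = out (out == "" ? "" : " ") target
    }
    END { if (!found) out = out (out == "" ? "" : " ") "(no-mac-rule)"; print out }
    '
}

# Constructed sample: MAC rule appended (-A), as in the listing in the first post.
APPENDED='-P INPUT ACCEPT
-A INPUT -j SYS_INPUT
-A INPUT -p tcp -m tcp --dport 80 -j SYS_HTTPS
-A INPUT -p tcp -m tcp --dport 443 -j SYS_HTTPS
-A INPUT -p tcp -m tcp --dport 22 -j SYS_SSH
-A INPUT -p tcp -m tcp --dport 22 -m mac --mac-source 00:30:05:D0:A5:CE -j ACCEPT'

# Constructed sample: same chain after the rule is inserted with -I instead.
INSERTED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m mac --mac-source 00:30:05:D0:A5:CE -j ACCEPT
-A INPUT -j SYS_INPUT
-A INPUT -p tcp -m tcp --dport 22 -j SYS_SSH'

echo "appended: $(printf '%s\n' "$APPENDED" | rules_before_mac_accept 00:30:05:d0:a5:ce)"
echo "inserted: $(printf '%s\n' "$INSERTED" | rules_before_mac_accept 00:30:05:d0:a5:ce)"
# Packet relayed by a router carries the router's MAC (constructed value here).
echo "routed:   $(printf '%s\n' "$INSERTED" | rules_before_mac_accept 00:11:22:33:44:55)"
```

An empty result means the MAC rule is the first to see the packet; any chain names printed are the ones to inspect with `iptables -S <chain>` on the live box.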
