For the time being, until I finish hardening my server, which is running CentOS 7 (7.4.1708 Core), I'd like to limit incoming access to the local area network only, except for a certain program or two (such as QBittorrent).
For the SSH server, I've modified /etc/ssh/sshd_config and changed the ListenAddress to the private IP address of my brbond1 interface, 192.168.2.16.
I then restarted sshd by running systemctl restart sshd.
systemctl status sshd shows that it's listening on 192.168.2.16.
I run iptables -L and see:
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:51413 ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:51413 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:<custom SSH port> ctstate NEW
I've been using the firewall GUI in Gnome to configure the firewall, but I wonder if the iptables rules should be configured differently to state that they should only accept from the local area network right now...
How would I go about using that firewall GUI in Gnome to tell it I only want it to allow SSH connections from the local network? I see for Configuration: Permanent -> Services, there's a Destination tab, which states:
If you specify destination addresses, the service entry will be limited to the destination address and type. If both entries are empty, there is no limitation.
Thanks!
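As an added example (not part of the post above), the same restriction expressed with firewalld's command-line tool rather than the GUI: the Destination tab limits a service by the address the packet is sent to, as its own help text says, whereas limiting by where the connection comes from is done with a rich rule (or a zone with a bound source). The script assumes the LAN is 192.168.2.0/24, uses 2222 as a stand-in for the custom SSH port, and assumes the port was added to the public zone as a port entry.

```shell
#!/bin/sh
# Added example: generate the firewall-cmd calls that limit the custom SSH port
# to the LAN source range. Values below are assumptions, not from the post.
LAN_CIDR="192.168.2.0/24"   # assumed LAN behind the 192.168.2.16 interface
SSH_PORT="2222"             # placeholder for the post's <custom SSH port>

# Build a firewalld rich rule: accept TCP to port $2 only from source $1.
ssh_lan_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Print the sequence: drop the open-to-anyone port entry from the public zone
# (the one iptables -L showed as "anywhere"), add the source-limited rich rule,
# then reload so the permanent configuration becomes the runtime one.
ssh_lan_commands() {
    rule=$(ssh_lan_rule "$1" "$2")
    printf '%s\n' \
      "firewall-cmd --permanent --zone=public --remove-port=$2/tcp" \
      "firewall-cmd --permanent --zone=public --add-rich-rule='$rule'" \
      "firewall-cmd --reload"
}

# Count rule lines that would still allow the port from any source; used to
# confirm the generated sequence removes the unrestricted entry before adding.
unrestricted_entries() {
    ssh_lan_commands "$1" "$2" | grep -c -- "--add-port=$2/tcp"
}

# Print only; pipe the output into sh as root to apply it.
ssh_lan_commands "$LAN_CIDR" "$SSH_PORT"
```

After applying, firewall-cmd --zone=public --list-rich-rules should show the rule and iptables -L IN_public_allow should no longer list the SSH port with an "anywhere" source.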