SSH iptables rule

Question

Can someone please help me to understand why we should set ssh iptables INPUT rule destination port instead of source port?
why
SSH - iptables -A INPUT -p tcp -s tunnel1private_IP –dport 22 -i eth1 -j ACCEPT

not
iptables -A INPUT -p tcp -s tunnel1private_IP –sport 22 -i eth1 -j ACCEPT

because for http or https, we set:
iptables -A INPUT -p tcp -s <some-ip-address> –sport 80 -j ACCEPT

not
iptables -A INPUT -p tcp -s <some-ip-address> –dport 80 -j ACCEPT

Answer 1

unixynet September 26, 2018

INPUT is a chain that deals with incoming requests. So you have to shift your perspective to that of someone on the receiving end - the SSH server. I get an external packet from SRCIPA, SRCPORTA to connect to me at DSTIPB, DSTPORTB. So when you have this INPUT rule:

SSH - iptables -A INPUT -p tcp -s tunnel1private_IP --dport 22 -i eth1 -j ACCEPT

You care about where this packet is coming, which is SRCIPA (tunnel1privateIP) and what port it wants to connect to DSTPORT_B (22).

Why would you care about the SRCPORTA at all? SRCPORTA is a random non-privileged port used by the SSH client to initiate communication with the DSTPORTB - the SSH server.

Once you shift your mind perspective and get some practice with it, it’ll start clicking.

Reply Report

mefav September 29, 2018

thanks for the explanation. I think previously I don’t really get how ssh work.
Reply Report

Answer 2

mefav September 29, 2018

thanks for the explanation. I think previously I don’t really get how ssh work.
Reply Report

Related

Question

SSH iptables rule

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

SSH iptables rule

Related

Leave a comment

Related

question

Server Reject with Ubiquiti Cloud Controller on Ubuntu

question

How to restrict number of hits at a time to my server with ubuntu ?

question

Port 80 failed: Connection refused

question

some random ip from india is trying to ssh into my ip all day??

Looking for something else?