[Firehol-support] restrict ssh, allow all others?

Andrew Schulman andrex at alumni.utexas.net
Wed Feb 24 10:51:52 GMT 2010

> Is there a way to make a firehol config that will let me allow only a few 
> specific IPs to connect to ssh, but then leave all other ports open?
> As best I can tell there's only 2 ways to configure firehol:
> Option 1:
>    client all accept
>    server all accept
> (which does not permit me to restrict ssh to certain IPs)
> or Option 2:
>    to manuall allow each individual service one at a time, for every port.
> I need a method that will let me restrict ssh while leaving the rest open.
> Is that possible?

server ssh accept src x.x.x.x
server ssh accept src y.y.y.y
server ssh reject
server all accept

The rules are followed in order down the chain, with the first one that applies
taking effect.  So I believe this will do what you want.

More information about the Firehol-support mailing list