Hi,
I've spent the evening on this but I now admit defeat.
I am finding it very difficult to get ssh locked down so that connections can only be made from within my LAN. I've tried hosts.deny/allow, ssh_config and now iptables, and I've still not got a result.
I like the idea of using iptables as I can then extend that to other protocols to lock those down also.
So what I've done is flush my iptables.
Then I've put in the rules to accept traffic from the LAN address pool for ssh (1234 changed for my actual port):
iptables -A INPUT -i eth0 -p tcp -s 192.168.100.0/24 --dport 1234 -m state --state NEW,ESTABLISHED -j ACCEPT
Accept traffic for outbound ssh traffic
Drop ssh traffic attempts for everyone else
Now this freezes my shell, despite being connected on a LAN address. Having read around, I found the following command prevents my shell from freezing, but as soon as I end the session and try to reconnect I'm locked out.
From what I can tell, all that does above is accept any connections that are already established (not very useful to me).
Can anyone lend a hand with this?
Would be greatly appreciated.
Thanks
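Added example (not the poster's commands): a rule set in the order that avoids the two symptoms above, a frozen session and a lockout on reconnect, plus a timed rollback so a bad rule set clears itself. It reuses the LAN range, interface and placeholder port from the post and assumes the INPUT chain's default policy is ACCEPT, as it is after a flush; `-m conntrack --ctstate` is used in place of the older `-m state --state`.

```shell
#!/bin/sh
# Added example, not the poster's commands. Values are taken from the post
# (LAN 192.168.100.0/24, eth0, port 1234 standing in for the real ssh port).
LAN=192.168.100.0/24
IFACE=eth0
SSH_PORT=1234

# Rules in the order they must be appended. The ESTABLISHED,RELATED rule comes
# first so the session you are typing in is never caught by the DROP; only
# *new* ssh connections are then filtered by source address. A DROP placed
# above the ACCEPTs would lock out the LAN as well.
ssh_lan_rules() {
    cat <<EOF
iptables -A INPUT -i $IFACE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp -s $LAN --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport $SSH_PORT -j DROP
EOF
}

# Line number of the DROP rule in the generated list; checked before applying
# so the ordering mistake described above cannot slip through.
drop_rule_index() { ssh_lan_rules | grep -n -- '-j DROP' | cut -d: -f1; }

# Apply with a safety net: if the new rules lock you out, the background job
# restores an open INPUT chain after 120 seconds so you can reconnect and
# try again. Kill the printed PID once a fresh login from the LAN works.
apply_with_rollback() {
    [ "$(drop_rule_index)" = 3 ] || { echo "DROP rule is not last, refusing" >&2; return 1; }
    iptables -F INPUT
    ( sleep 120 && iptables -P INPUT ACCEPT && iptables -F INPUT ) &
    echo "rollback job pid $!"
    ssh_lan_rules | sh -e
    # Packet counters show whether a new login actually hits the LAN ACCEPT
    # rule (rule 2) or falls through to the DROP (rule 3).
    iptables -L INPUT -v -n --line-numbers
}

if [ "${1:-}" = apply ]; then
    apply_with_rollback
fi
```

Run as root with `sh script.sh apply`; if the counters show logins hitting rule 3, the source address or interface of your session is not the one the ACCEPT rule expects.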