• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Linux IPTables - SSH Filter by MAC Address

potinho

potinho

Advanced OT User
Joined
Oct 11, 2009
Messages
1,402
Solutions
17
Reaction score
150
Location
Brazil
Hey guys,

Im using Ubuntu 18 and want to increase the security level of my server I'm trying to filter the SSH access logs only for authorized MAC, but I'm having difficulties. After use IPtables command bellow, i remove openssh full rule, but cannot connect on server. I already installed IPtables persistent and saved the settings after adding a rule. I'm using the command below :

/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XXXX:XX:XX:XX -j ACCEPT


After then:

iptables-save > /etc/iptables/rules.v4

But rule is going to chain INPUT (policy DROP)
1648563979040.png
I need to allow few MAC ADDRESSES

I have this rules (working) used UFW, are in Chain OUTPUT (policy ACCEPT):

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 'dapp_Apache%20Full' */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* 'dapp_OpenSSH' */
 
Last edited:
Solution
amatria
MAC addresses can be easily spoofed. If you want to increase the security of your server, you are going about this the wrong way. Generate SSH keys and configure your server to only allow key based login (i.e. disable password auth and rate limit SSH connection attempts). You will be much more secure that way.
Sort by date Sort by votes
Sounds like an overkill thing to do, the simpler solution would be to just drop password authentication and use key based authentication. It's totally impractical to attempt to bruteforce a SSH key. The worst that could happen is that someone steals the key from your PC, and if that happens you have bigger issues.
 
Upvote 1 Downvote
MAC address is not transferred over internet, so you cannot filter anything by MAC. MAC filters are available in iptables, but you can use them only to filter connections in local network (ex. Wi-Fi).

MAC address for all connections from internet will be MAC of router closest to your dedic.

I don't use any iptables for SSH port. I always install fail2ban, which bans IP for too many invalid login attempts.
 
Upvote 1 Downvote
MAC addresses can be easily spoofed. If you want to increase the security of your server, you are going about this the wrong way. Generate SSH keys and configure your server to only allow key based login (i.e. disable password auth and rate limit SSH connection attempts). You will be much more secure that way.
 
Upvote 1 Downvote
Solution
amatria said:
MAC addresses can be easily spoofed. If you want to increase the security of your server, you are going about this the wrong way. Generate SSH keys and configure your server to only allow key based login (i.e. disable password auth and rate limit SSH connection attempts). You will be much more secure that way.
Click to expand...
done that, thanks!
 
Upvote 0 Downvote

Similar threads

222222
Linux How to secure a Linux server
Replies
12
Views
3K
TibiCAM
TibiCAM
Back
Top