Hi All,
I rarely post to this list; mainly due to a lack of knowledge... but find the email chains fascinating and very informative. I was hoping you could help me out with a few security adjustments on my home development server running Ubuntu 10.10; I would like to achieve the following setup with iptables and maybe a script in sshd_config?
* Accept any connection from within the LAN (192.168.0.*)
* Deny All from outside LAN (Except to ports 22, 80, 443, and the range 8000 to 8999)
(the above is admittedly easily done with a Google search) but my skills can't quite stretch to finding out how to add an exception to iptables for the IP of any authenticated ssh session and on timeout or disconnect remove that exception. I could then allow external developers to develop on a private port range (7000-7999 - as I do internally) by just connecting to ssh with their public key.
Is this possible?
Festive Tidings
Alex
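
One way to approach the per-session exception asked about above, as an added example that is not part of the original post: a hook script that sshd's PAM stack runs through pam_exec when a session opens and closes. The chain name `SSHDEV`, the script path and the PAM wiring shown in the comments are assumptions, and it presumes `UsePAM yes` and a default policy that otherwise drops ports 7000-7999 from outside the LAN.

```shell
#!/bin/sh
# Added example: pam_exec hook, e.g. saved as /usr/local/sbin/ssh-dev-fw (hypothetical path).
# Assumed wiring (not from the original post):
#   /etc/pam.d/sshd:  session optional pam_exec.so /usr/local/sbin/ssh-dev-fw
#   one-time setup:   iptables -N SSHDEV; iptables -A INPUT -j SSHDEV
# pam_exec exports PAM_TYPE (open_session/close_session) and PAM_RHOST.
CHAIN=SSHDEV          # hypothetical chain name
PORTS=7000:7999       # private development range from the post

# Succeeds only for a dotted-quad IPv4 address. PAM_RHOST may be a hostname
# or empty, and must never reach iptables unvalidated.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the iptables arguments for one session event, or fails.
# One rule is inserted per open and one deleted per close, so two sessions
# from the same address keep the range open until both have ended.
fw_args() {   # $1 = PAM_TYPE, $2 = PAM_RHOST
    is_ipv4 "$2" || return 1
    case "$1" in
        open_session)  op=-I ;;
        close_session) op=-D ;;
        *) return 1 ;;
    esac
    echo "$op $CHAIN -s $2 -p tcp --dport $PORTS -j ACCEPT"
}

# Acts only when invoked by pam_exec (PAM_TYPE set); sourcing has no side effects.
if [ -n "${PAM_TYPE:-}" ]; then
    args=$(fw_args "$PAM_TYPE" "${PAM_RHOST:-}") || exit 0   # never block the login
    iptables $args
fi
```

A session that ends without a `close_session` call leaves its rule behind, so flushing the `SSHDEV` chain whenever sshd is restarted keeps stale exceptions from accumulating.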