iptables Ubuntu VPS SSH rule
I'm trying to configure an Ubuntu VPS to connect to the Codebase Git server; just like Heroku, Codebase authentication is based on SSH RSA keys.
I've uploaded the keys to the repository, and when I tested the Codebase keys with the test command:
ssh [email protected]
it does not respond and the connection times out. I tried to watch the requests with:
"ssh [email protected] -v" but it stops at: debug1: Connecting to codebasehq.com [188.65.183.234] port 22.
So I edited my iptables rules to this:
#cleaning rules
iptables -F
iptables -t nat -F
#Standard behaviour
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
#DNS
#iptables -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
#GIT
#iptables -A OUTPUT -p tcp --dport 9418 -j ACCEPT
iptables -A INPUT -p tcp --sport 9418 -j ACCEPT
#SSL
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
For TCP you have to consider the state; this should help... :-)
#cleaning rules
iptables -F
iptables -t nat -F
#Standard behaviour
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# accept established connections
iptables -A INPUT -p ALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# loopback interface
iptables -A INPUT -p ALL -i lo -j ACCEPT
#SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
#DNS
#iptables -A OUTPUT -p udp --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
#GIT
#iptables -A OUTPUT -p tcp --dport 9418 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --sport 9418 -m state --state NEW -j ACCEPT
#SSL
iptables -I INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
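To show why the first ruleset times out and the second one works, here is an added example (not part of the question or answer above): a constructed Python model of the two INPUT chains plus a minimal conntrack table. The VPS address and the ephemeral source port are made up; the model ignores the -i eth0 interface match and the loopback rule.

```python
"""Constructed model of the INPUT chains above: policy DROP, first match wins,
and a minimal conntrack table that marks reply packets ESTABLISHED."""
from dataclasses import dataclass

VPS = "10.0.0.5"               # constructed VPS address
CODEBASE = "188.65.183.234"    # from the ssh -v output in the question

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def conntrack_state(pkt, flows):
    """ESTABLISHED if pkt is the reply to a flow we already saw leave, else NEW."""
    reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return "ESTABLISHED" if reply_of in flows else "NEW"

# Each rule is (match(pkt, state), verdict). Unmatched packets hit the DROP policy.
QUESTION_INPUT = [
    (lambda p, s: p.proto == "tcp" and p.dport == 22, "ACCEPT"),                 # inbound SSH
    (lambda p, s: p.proto == "udp" and p.sport == 53 and p.dport >= 1024, "ACCEPT"),  # DNS replies
    (lambda p, s: p.proto == "tcp" and p.sport == 9418, "ACCEPT"),               # git://
    (lambda p, s: p.proto == "tcp" and p.dport == 443, "ACCEPT"),                # SSL
]
ANSWER_INPUT = [
    (lambda p, s: s in ("ESTABLISHED", "RELATED"), "ACCEPT"),                    # the fix
    (lambda p, s: p.proto == "tcp" and p.dport == 22 and s == "NEW", "ACCEPT"),
    (lambda p, s: p.proto == "udp" and p.sport == 53 and p.dport >= 1024, "ACCEPT"),
    (lambda p, s: p.proto == "tcp" and p.dport == 443 and s == "NEW", "ACCEPT"),
]

def run_input(rules, pkt, flows):
    state = conntrack_state(pkt, flows)
    for match, verdict in rules:
        if match(pkt, state):
            return verdict
    return "DROP"   # iptables -P INPUT DROP

def ssh_to_codebase(rules):
    """VPS opens SSH to codebasehq.com:22: SYN leaves (OUTPUT policy ACCEPT,
    conntrack records the flow), then the SYN/ACK comes back through INPUT."""
    flows = set()
    syn = Pkt("tcp", VPS, 51234, CODEBASE, 22)
    flows.add((syn.proto, syn.src, syn.sport, syn.dst, syn.dport))
    syn_ack = Pkt("tcp", CODEBASE, 22, VPS, 51234)
    return run_input(rules, syn_ack, flows)

if __name__ == "__main__":
    print("question ruleset:", ssh_to_codebase(QUESTION_INPUT))  # DROP -> timeout
    print("answer ruleset:  ", ssh_to_codebase(ANSWER_INPUT))    # ACCEPT
```

The SYN/ACK from port 22 to the ephemeral port matches none of the question's INPUT rules, so it falls to the DROP policy and the handshake never completes; the ESTABLISHED,RELATED rule accepts it before any port-based rule is consulted.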