Home / server / Questions / 825780
In Process
Dan Hastings
Asked: 2017-01-13 00:48:15 +0800 CST

Close default SSH Port On Centos

  • 772

I have been getting 1000s of failed logins per hour over the past few weeks and I'm sure 99% of them are from bots. I have installed fail2ban and I've been blocking some subnets, but i have also decided to change the port i use for SSH. It's only me using the server, so Its a simple change to get rid of a lot of bot requests.

I have made the change and everything is working fine. I want to now block port 22. I have checked firewalld and there was never a rule for port 22, which makes me wonder how it worked in the first place. Something must have been in place to make sure that port 22 requests were not blocked. How do I disable this and completely lock down port 22?

firewall security ssh

2 Answers

  1. From your earlier question I see you are using CentOS 6. The /etc/sysconfig/iptables file will contain the state of your IPv4 firewall when it is first loaded. This may be different from the running state of your firewall, especially if you have been adding arbitrary rules. You can save the current state of your firewall with the command

    service iptables save

    which will overwrite /etc/sysconfig/iptables (it may be prudent to make a backup first).

    Under normal circumstances you will find a line like this

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

    which allows connections to port 22. Simply delete the line and then save the file. When you are back at the command line run the command

    service iptables reload

    This will ensure that the saved firewall state and the running firewall state are the same. This works because the default firewall on CentOS 6 has a blanket REJECT rule at the end of the INPUT chain.

    If you do not want to rely on the blanket REJECT then change the line to

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j DROP

    save and restart as above.

    Note though that what @ipor says is true. If you have moved sshd to a different port then it is effectively closed as nothing is listening.

    • 1

  2. Use below IPtable rules to block the port 22 in firewall level after login as root.

    block ssh over eth0 (nic card) from outside to system.

    iptables -F

    service iptables save

    iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP

    iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j DROP

    service iptables save

    So it will keep iptable state for ever. (remember there are lot way to block unwanted request, you can select which one want to use it in your env. as per your requirement since anyone can do the "googling".)

    • -1