Karma Yogi's questions -server

Karma Yogi

Asked: 2024-04-18 16:50:44 +0800 CST

How to disable Network Interface for SSH?

In my linux machine, I have 10 network interfaces available like eth0, eth0.67, eth0.70, eth0.97 etc,.

When i run the command nc 160.48.249.170 22 to check, i get like below:

root@icon:~# nc 160.48.249.170 22
SSH-2.0-OpenSSH_8.2

In my system, eth0.97 is having inet as 160.48.249.170. So here SSH is listening on interface eth0.97.

Similar to above, SSH is listening on all available 10 interfaces. How to disable or enable one particular interface to listen on SSH?

In /etc/ssh/sshd_config, below was the configuration

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

But i changed as below to listen only one interface and restarted ssh.

#Port 22
#AddressFamily any
ListenAddress 160.48.199.186
#ListenAddress ::

But after above change also, ssh is listening on all interfaces

Karma Yogi

Asked: 2023-11-15 14:38:54 +0800 CST

I have below command

ip6tables -A INPUT -m ipv6header --header hop,dst,route,frag,auth,esp,none,prot --tcp-flags ACK SYN

But getting error as ip6tables v1.8.4 (legacy): unknown option "--tcp-flags"

I have tried --tcp-flags option with iptables, It works fine. But in ip6tables, it gives error

Karma Yogi

Asked: 2023-11-15 13:43:42 +0800 CST

I have below iptable rule

iptables -A PRIO_IN -p tcp -s 203.0.113.0 --sport 5432 -d 203.0.113.0 --dport 5432 -j ACCEPT -m limit --limit 100000/sec

When i run this rule, i get error as Rate too fast 100000/sec.

So I want to what is the minimum and maximum value we can pass to --limit option with per sec, per min and per hour