Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [SLE] SSH tunneling
  • From: Mello <mellowiz@xxxxxxxxx>
  • Date: Wed, 12 Apr 2006 08:29:59 +0200
  • Message-id: <3b5f6ee20604112329j11effeb0h44945891cbf08e00@xxxxxxxxxxxxxx>
I agree with James: ACLs (ACcess Lists) are the solution to your problem.
You can use iptables to block SSH traffic directed to a specific IP or
subnet.

There are many good articles on the web (just Google for "iptables block
traffic") but you may want to start from the manpage :)
http://www.die.net/doc/linux/man/man8/iptables.8.html

-mw


On 4/11/06, James Knott <james.knott@xxxxxxxxxx> wrote:
> M. Edwin wrote:
> > Hi list,
> >
> > Some of our user here use SSH to the server. But some of them use ssh
> > tunnelling to connect to proxy outside our network which is not allowed.
> > Is there anyway to block this tunneling without blocking ssh traffic?
> > Any help would be appreciated.
>
> You could filter at the firewall according to addresses. However,
> there's no way to know what ssh is being used for.
>
> --
> Check the headers for your unsubscription address
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> Also check the archives at http://lists.suse.com
> Please read the FAQs: suse-linux-e-faq@xxxxxxxx
>
>
>
< Previous Next >
References