Though most administrators will be able to accomplish all their firewall needs using the standard ClearOS web interface, it may be necessary to add custom firewall rules in some scenarios. The Custom Firewall Tool provides a way to create advanced firewall rules. Please use with caution!
If you did not select this module to be included during the installation process, you must first install the module.
You can find this feature in the menu system at the following location:
The following entries would restrict remote SSH (port 22) and Webconfig (port 81) access to specific IP address that you define (i.e. allow remote login from office, home, datacenter etc.).
# Deny all SSH connections $IPTABLES -I INPUT -p tcp --dport 22 -j DROP # All connections from address xyz $IPTABLES -I INPUT -p tcp --source 184.108.40.206 --dport 22 -j ACCEPT $IPTABLES -I INPUT -p tcp --source 220.127.116.11 --dport 22 -j ACCEPT # Deny all webconfig connections $IPTABLES -I INPUT -p tcp --dport 81 -j DROP # All connections from address xyz $IPTABLES -I INPUT -p tcp --source 18.104.22.168 --dport 81 -j ACCEPT $IPTABLES -I INPUT -p tcp --source 22.214.171.124 --dport 81 -j ACCEPT
Always use the keyword $IPTABLES rather than “iptables” to avoid issues. If you really want to use “iptables”, use “iptables -w”.