1

Topic: Restrict SSH access

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

Hello,

What is the recommended way to block SSH access for all and restrict it to one or more specific IP addresses?

Thanks.


2

Re: Restrict SSH access

You can do it with the iptables firewall: allow access to the SSH network port from specific IP addresses, and block all others.

3

Re: Restrict SSH access

ZhangHuangbin wrote:

You can do it with the iptables firewall: allow access to the SSH network port from specific IP addresses, and block all others.

Thanks. I understand that it can be done through the firewall... but my question is which zone rules should I be editing (as a best practice) to include these new rules? Currently running on CentOS 7 so firewall-cmd. I understand the default rules for iRedMail are stored under the 'iredmail' zone - is it OK to add these rules in there or should they be kept outside of it?

4

Re: Restrict SSH access

purathal wrote:

Is it OK to add these rules in there or should they be kept outside of it?

It's OK to edit this zone file.
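
The approach from the replies above, as an added example that is not part of the original thread or of iRedMail: a script that validates the allowed sources and prints the `firewall-cmd` commands to allow SSH from them in the 'iredmail' zone and remove the open SSH rule. The function names and the addresses (documentation ranges) are hypothetical; it assumes the zone opens SSH as the `ssh` service or as port 22/tcp and that the zone's default target rejects unmatched traffic.

```shell
#!/bin/sh
# Added example: print (not run) the firewall-cmd commands that restrict SSH.
# Zone name comes from the thread; addresses are constructed (RFC 5737 ranges).

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so
# nothing else can be interpolated into a rich rule.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allow_cmds ZONE SOURCE... : emit the commands in a safe order.
ssh_allow_cmds() {
    zone=$1; shift
    case $zone in ''|*[!A-Za-z0-9_-]*) echo "invalid zone name" >&2; return 1 ;; esac
    # With no allowed source, removing the open rule would lock everyone out.
    [ "$#" -gt 0 ] || { echo "refusing: no allowed source given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Allow rules first, then drop the unrestricted SSH entry.
    for src in "$@"; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" service name=\"ssh\" accept'\n" "$zone" "$src"
    done
    # Assumption: the zone opens SSH as a service or as a port; emit both removals.
    printf 'firewall-cmd --permanent --zone=%s --remove-service=ssh\n' "$zone"
    printf 'firewall-cmd --permanent --zone=%s --remove-port=22/tcp\n' "$zone"
    printf 'firewall-cmd --reload\n'
}

# Constructed sample: one admin host and one office network.
ssh_allow_cmds iredmail 203.0.113.10 198.51.100.0/24
```

Review the printed commands, run them as root, and keep the current SSH session open until a new login from an allowed address succeeds.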