{"id":1784,"date":"2018-01-20T16:36:30","date_gmt":"2018-01-20T16:36:30","guid":{"rendered":"http:\/\/www.incredigeek.com\/home\/?p=1784"},"modified":"2018-01-20T16:39:23","modified_gmt":"2018-01-20T16:39:23","slug":"allow-whm-cpanel-ssh-logins-from-specific-ip-addresses-using-iptables","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/allow-whm-cpanel-ssh-logins-from-specific-ip-addresses-using-iptables\/","title":{"rendered":"Allow WHM\/cPanel ssh logins from specific IP addresses using iptables"},"content":{"rendered":"

For some reason the hosts.allow and hosts.deny files don’t seem to work on cPanel.\u00a0 One of the alternative methods to limit ssh logins to specific addresses is to use iptables.<\/p>\n

Allow access from specific IP addresses.\u00a0<\/strong><\/p>\n

Replace 192.168.1.0\/24 and 192.168.0.0\/24 with your addresses.\u00a0 You can add more addresses using the “,”.\u00a0 Also if your ssh port is not the default port, be sure to change it.<\/p>\n

iptables -A INPUT -s 192.168.1.0\/24,192.168.0.0\/24 -p tcp --dport 22 -j ACCEPT<\/pre>\n
Reject access from everywhere else<\/strong><\/p>\n
iptables -A INPUT -s 0.0.0.0\/0 -p tcp --dport 22 -j REJECT<\/pre>\n
You can see your rules with<\/p>\n
 iptables -L --line-numbers<\/pre>\n
If you need to add another rule after the fact, you’ll need to make sure that it is above the REJECT rule. you can use the “-I” to insert it between rules.<\/p>\n
Example:<\/strong> inserts rule as the second rule in the INPUT chain<\/p>\n
iptables -I INPUT 2 -s 192.168.42.0\/24 -p tcp --dport 22 -j ACCEPT<\/pre>\n","protected":false},"excerpt":{"rendered":"
For some reason the hosts.allow and hosts.deny files don’t seem to work on cPanel.\u00a0 One of the alternative methods to limit ssh logins to specific addresses is to use iptables. Allow access from specific IP addresses.\u00a0 Replace 192.168.1.0\/24 and 192.168.0.0\/24 … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[195,3],"tags":[196,15,7,221,382],"class_list":["post-1784","post","type-post","status-publish","format-standard","hentry","category-cpanel","category-linux","tag-cpanel-2","tag-iptables","tag-linux-2","tag-ssh","tag-whm"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/1784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=1784"}],"version-history":[{"count":6,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/1784\/revisions"}],"predecessor-version":[{"id":1790,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/1784\/revisions\/1790"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=1784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=1784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=1784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}