Allow SSH trafic from local net and from a specific IP

I need to connect to my raspiNAS server from the local network and from a specific IP (my office IP address) but I don’t want to let it open to the world. So the steps are:
Configure a NAT rule in order to enable TCP port fowarding
Let’s play with iptables

# iptables -A INPUT -s OFFICE_IP/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j DROP

Setup iptables at boot:

sudo bash -c 'iptables-save > /etc/network/iptables'
sudo nano /etc/network/interfaces

At the bottom add

pre-up iptables-restore < /etc/network/iptables

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.