ruebenramirez / blog

My blog
http://blog.ruebenramirez.com/

Unencrypted VNC through SSH tunnel with firewall config #284

Open ruebenramirez opened 8 years ago

ruebenramirez commented 8 years ago

I just set up Xdebug to work with NetBeans for some Magento dev on my work laptop (which I use more as a desktop in the office). I haven't been able to finalize all of the configuration though and I'm going to be travelling next week, so I figured I would wire up VNC access.

I wasn't able to make an encrypted VNC connection to my Ubuntu workstation from my Mac laptop VNC clients (I must have tried 3 or 4 different clients). I saw a bunch of resources (like this one) that recommended disabling encryption! :( As it turns out, the only way I could successfully connect was with encryption disabled.

So I decided to disable the VNC encryption and use an SSH tunnel to protect the session traffic. This means I have an unencrypted service just listening blindly on port 5900 for the world to see though, right?!

...enter iptables -- block all TCP traffic to port 5900 from everyone but localhost

sudo iptables -A INPUT -p tcp --destination-port 5900 ! -s 127.0.0.1 -j DROP

On Ubuntu I needed to install the iptables-persistent package also and do a:

# newer Ubuntu releases: sudo netfilter-persistent save
sudo service iptables-persistent save

...so that my brand-spankin'-new iptables rules don't disappear next time I reboot the machine.

Now I can safely connect to VNC through an SSH tunnel without having to worry about 5900 being open for the world to see.

ruebenramirez commented 8 years ago

sources:

ruebenramirez commented 8 years ago

I'm using the Java TightVNC viewer client, which allows me to specify an SSH tunnel and then connect to VNC via 127.0.0.1.

http://www.tightvnc.com/download.php
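
A check for the setup described in this thread, as an added example that is not part of the original posts: because `iptables -A` appends, an earlier ACCEPT rule for port 5900 would shadow the DROP rule, so the script below reads `iptables -S INPUT` output and reports which rule naming the port matches first. The sample rule listing and the host name `user@workstation` are constructed placeholders, and only rules that name the port explicitly are considered.

```shell
#!/bin/sh
# Added example (not from the original posts). Audits an `iptables -S INPUT`
# listing for the port-5900 rule and builds the matching SSH tunnel command.

# Constructed sample of `sudo iptables -S INPUT` after adding the rule above.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -s 127.0.0.1/32 -p tcp -m tcp --dport 5900 -j DROP'

# vnc_port_status PORT
# Reads `iptables -S INPUT` text on stdin and prints one of:
#   guarded  - first rule naming PORT drops/rejects everything except 127.0.0.1
#   shadowed - an ACCEPT rule for PORT comes first, so a later DROP never fires
#   other    - first rule naming PORT is something else (review it by hand)
#   missing  - no TCP rule names PORT at all
vnc_port_status() {
    awk -v port="$1" '
        BEGIN { status = "missing" }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            rule = " " $0 " "
            if (index(rule, " -p tcp ") == 0) next
            if (index(rule, " --dport " port " ") == 0) next
            if (index(rule, " -j ACCEPT ") > 0)
                status = "shadowed"
            else if (rule ~ / -j (DROP|REJECT) / &&
                     rule ~ / ! -s 127\.0\.0\.1(\/32)? /)
                status = "guarded"
            else
                status = "other"
            exit    # first matching rule wins, as in the kernel
        }
        END { print status }
    '
}

# tunnel_cmd HOST [LOCAL_PORT]
# Prints the ssh command that forwards a local port to the workstation's
# loopback-only VNC port; HOST is a placeholder for your own login.
tunnel_cmd() {
    printf 'ssh -N -L %s:127.0.0.1:5900 %s\n' "${2:-5900}" "$1"
}

printf '%s\n' "$SAMPLE_RULES" | vnc_port_status 5900
tunnel_cmd user@workstation
```

On the workstation, feed it live rules with `sudo iptables -S INPUT | vnc_port_status 5900`. The rule in the post covers IPv4 only, so a VNC server that also listens on IPv6 needs a separate `ip6tables` check.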