I asked the customer to use a certain server as a general user, but there was a requirement that the server must not be used as a stepping stone for SSH, so I handled it with iptables:
iptables -A OUTPUT -p tcp --dport 22 -m owner --uid-owner {USERNAME} -j DROP
If the SSH daemon on the destination server listens on a port other than 22, this rule has no effect, so change the port as needed for your environment.
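The rule above matches one destination port, and `iptables` filters IPv4 only. The following sketch is an added example, not part of the original post: it builds the same owner-match rule for a list of ports and for both `iptables` and `ip6tables`. The function names, the `DRY_RUN` switch and the sample user `alice` are assumptions.

```shell
#!/bin/sh
# Added example: per-user outbound SSH block for IPv4 and IPv6.
# Function names, DRY_RUN and the sample values are assumptions.

# Accept only a comma-separated list of ports in 1..65535, e.g. "22,2222".
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $1; do
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs; return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# Print the rule spec shared by both address families.
rule_spec() {
    user=$1
    ports=$2
    valid_ports "$ports" || { echo "invalid port list: $ports" >&2; return 1; }
    # Keep the username to characters that cannot split or inject arguments.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user: $user" >&2; return 1 ;;
    esac
    printf 'OUTPUT -p tcp -m multiport --dports %s -m owner --uid-owner %s -j DROP\n' \
        "$ports" "$user"
}

# Usage: block_ssh_out USER [PORTS]   (PORTS defaults to 22)
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 applies them as root.
block_ssh_out() {
    spec=$(rule_spec "$1" "${2:-22}") || return 1
    for ipt in iptables ip6tables; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$ipt -A $spec"
        else
            # -C tests whether the rule already exists, so re-runs add no duplicates.
            $ipt -C $spec 2>/dev/null || $ipt -A $spec
        fi
    done
}
```

Source the file and run `block_ssh_out alice 22,2222` to review the generated commands, then repeat with `DRY_RUN=0` as root to apply them.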
To keep the rule across reboots, install iptables-persistent and save the current rules:
apt install iptables-persistent
/etc/init.d/iptables-persistent save