Blocking SSH with iptables

Sometimes we must block the SSH port to make our network secure. SSH is a protocol that allows remote access to a server from an outside network. With iptables we can either allow or block SSH access; here I will write about blocking the SSH protocol.

In this case we need to be logged in as root to create rules in iptables. The rules below show how to block SSH connections from the outside network:

/sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
/sbin/iptables -A OUTPUT -p tcp --sport 22 -j DROP
 
With the rules above, all connections through port 22 are blocked, whether incoming or outgoing. With iptables we can also allow only the IP addresses we trust to use the SSH port; see the rules below:

iptables -A INPUT -p tcp -s 192.168.88.0/24 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 192.168.88.0/24 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

We can see from the rules that we allow incoming and outgoing SSH traffic for the network 192.168.88.0/24. iptables is the Linux firewall and is very useful for making the network more secure.
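iptables acts on the first rule that matches a packet, and `-A` appends to the end of the chain, so if the allow rules are appended after the DROP rules in the order shown, the allow rules never match. The check below is an added example, not code from the original post: it reads a chain in `iptables -S` format and reports whether an SSH ACCEPT rule is shadowed by an earlier unconditional DROP. The sample listings are constructed, and 203.0.113.10 is an assumed stand-in for $SERVER_IP.

```shell
#!/bin/sh
# Added example (not from the original post). Reads rules in `iptables -S`
# format on stdin and prints "shadowed" when an ACCEPT for TCP port 22 comes
# after an unconditional DROP for the same port, otherwise "ok".
check_ssh_order() {
    awk '
        # Only appended rules for TCP destination port 22 are relevant.
        $1 == "-A" && /-p tcp/ && /--dport 22( |$)/ {
            # A DROP with no source match catches every client.
            if (/-j DROP/ && $0 !~ / -s /) { seen_drop = 1 }
            # First match wins, so an ACCEPT after that DROP is dead.
            if (/-j ACCEPT/ && seen_drop) { shadowed = 1 }
        }
        END { print (shadowed ? "shadowed" : "ok") }
    '
}

# Constructed sample: the INPUT chain after appending the rules in the
# order they appear in the post (DROP first, then the trusted network).
BAD_ORDER='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 192.168.88.0/24 -d 203.0.113.10/32 -p tcp -m tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT'

# Constructed sample: the same two rules with the allow rule first.
GOOD_ORDER='-P INPUT ACCEPT
-A INPUT -s 192.168.88.0/24 -d 203.0.113.10/32 -p tcp -m tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

printf 'DROP appended first:  %s\n' "$(printf '%s\n' "$BAD_ORDER" | check_ssh_order)"
printf 'ACCEPT appended first: %s\n' "$(printf '%s\n' "$GOOD_ORDER" | check_ssh_order)"
```

On a live host, run `iptables -S INPUT | check_ssh_order` as root; appending the allow rules before the DROP rules, or inserting them with `-I`, clears the finding.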
