ClearOS offers Attack Detector but if you have a fixed IP address, you can restrict SSH and / or Webconfig (the web-based admin panel) to a specific IP address.
Below is an example to remove SSH (usually port 22) and Webconfig (port 81) access from default Incoming Firewall (https://example.org:81/app/incoming_firewall) and replace by rules in the Custom Firewall
Be careful not to lock yourself out!
Blanket block of SSH access on port 22
iptables -I INPUT -p tcp --dport 22 -j DROP
Accept connections from 203.0.113.0 (replace with your IP)
iptables -I INPUT -p tcp --source 203.0.113.0 --dport 22 -j ACCEPT
Blanket block of ClearOS Webconfig
iptables -I INPUT -p tcp --dport 81 -j DROP
Accept connections from 203.0.113.0 (replace with your IP)
iptables -I INPUT -p tcp --source 203.0.113.0 --dport 81 -j ACCEPT
Notes
- The order of the rules is important, so in this case, it's block everything, and after, add an exception.
- Rules from the default Incoming Firewall override Custom Firewall rules, so you'll want to disable the SSH and Webconfig rules that are there by default
- Make sure you have activated the rules on the Custom Firewall (you disable a rule instead of deleting)
- You can also use ClearOS as a gateway and VPN server, and thus, you would VPN in to your office, and access the server from there.
- The same idea could be used to restrict a web-based intranet (with port 80 / 443)