Tell socat to listen to connections from a single IP address
You can add the range option to the socat listening address:
socat TCP-LISTEN:22,fork,range=8.8.8.8/32 TCP:192.168.0.15:5900
Or you can add the tcpwrap=vnc_forward option and define global rules for that vnc_forward service as per hosts_access(5).
That won't stop the connections from reaching socat, but socat will ignore them (with a warning) if they don't come from 8.8.8.8.
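The hosts_access(5) rules that the tcpwrap option relies on could look like the following; this is an added example, not part of the original answer. It keeps the two tables in a private directory through socat's tcpwrap-etc option instead of the global /etc/hosts.allow and /etc/hosts.deny, and the function names and the directory in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: hosts_access(5) tables for the "vnc_forward" service name.
# SERVICE and ALLOWED reuse the values from the answer above; the function
# names and the directory are assumptions made for this illustration.

SERVICE=vnc_forward
ALLOWED=8.8.8.8

# Write hosts.allow and hosts.deny into a private directory so the
# system-wide tables in /etc stay untouched.
write_tables() {
    dir=$1
    mkdir -p "$dir" || return 1
    # hosts.allow is consulted first: a matching entry grants access.
    printf '%s: %s\n' "$SERVICE" "$ALLOWED" > "$dir/hosts.allow"
    # hosts.deny is consulted next: every other client of this service is refused.
    printf '%s: ALL\n' "$SERVICE" > "$dir/hosts.deny"
}

# Build the listening address; tcpwrap-etc points socat at the private tables.
listen_address() {
    printf 'TCP-LISTEN:22,fork,tcpwrap=%s,tcpwrap-etc=%s' "$SERVICE" "$1"
}

# The tcpwrap options exist only in socat builds with libwrap support;
# "socat -V" lists the compiled-in features.
has_libwrap() {
    socat -V 2>/dev/null | grep -q 'WITH_LIBWRAP 1'
}

# Example use (not run automatically):
#   write_tables /etc/socat-vnc && has_libwrap &&
#       socat "$(listen_address /etc/socat-vnc)" TCP:192.168.0.15:5900
```

Without the hosts.deny entry, hosts_access(5) grants access to any client that matches neither table, so the allow line alone restricts nothing.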
Something like this works for me to make socat listen on localhost only.
socat TCP-LISTEN:22,fork,bind=127.0.0.1 TCP:192.168.0.15:5900
So you could try this.
socat TCP-LISTEN:22,fork,bind=8.8.8.8 TCP:192.168.0.15:5900
Most people use firewalls for that. Have a look at iptables to restrict traffic to port 22, i.e.:
iptables -I INPUT -p tcp '!' -s 8.8.8.8 --dport 22 -j REJECT
Or, if the firewall is already restrictive, allow just one address:
iptables -A INPUT -p tcp -s 8.8.8.8 --dport 22 -j ACCEPT
Please note that this is not a full configuration for an iptables firewall; you first need to set up a proper configuration before using the above.