On Sun, Sep 02, 2001 at 10:10:25AM -0700, Mike Egglestone wrote:
> Hi all,
>
> What would be a good ipchains command to block all tcp traffic
> to and from a box except "ssh"?
> I have a box that will only be running rsync thru ssh.
>
> This is what I tried, but I don't think it worked.
>
> ipchains -I input -p tcp -s 0/0 -d 0/0 ! ssh -j DENY

Personally, I start by blocking everything, and then open up what I need.

$ipchains -P input DENY

# Allow incoming SSH on external interface.
$ipchains -A input -p tcp -d $ipexternal/32 22 -i eth0 -j ACCEPT
$ipchains -A input -p udp -d $ipexternal/32 22 -i eth0 -j ACCEPT

Mike
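
The question asks about traffic "to and from" the box, while the rules in the reply cover the input chain only. The sketch below is an added example, not part of the original thread or either poster's script; it extends the same deny-by-default approach to the output chain for a box that accepts inbound ssh. The function name, the IPCHAINS variable and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: deny-by-default on input AND output, ssh (tcp/22) only.
# Dry run by default: each rule is printed. To apply the rules as root,
# run with IPCHAINS=/sbin/ipchains (path is an assumption for your system).
IPCHAINS="${IPCHAINS:-echo ipchains}"

ssh_only_rules() {
    ip="$1"            # address sshd listens on
    ifc="${2:-eth0}"   # external interface, eth0 as in the reply

    [ -n "$ip" ] || { echo "usage: ssh_only_rules IP [IFACE]" >&2; return 1; }

    # Start from empty chains, then block everything in both directions.
    # Note that policy DENY drops all protocols (DNS, ICMP, ...), not just tcp.
    $IPCHAINS -F input
    $IPCHAINS -F output
    $IPCHAINS -P input DENY
    $IPCHAINS -P output DENY

    # Keep loopback usable for local processes.
    $IPCHAINS -A input -i lo -j ACCEPT
    $IPCHAINS -A output -i lo -j ACCEPT

    # Inbound: tcp packets addressed to port 22 on the external address.
    $IPCHAINS -A input -i "$ifc" -p tcp -d "$ip/32" 22 -j ACCEPT

    # Outbound: only sshd's replies. ipchains does not track connections,
    # so "! -y" (any packet that is not a bare SYN) is what keeps this rule
    # from also allowing new outbound connections sourced from port 22.
    $IPCHAINS -A output -i "$ifc" -p tcp ! -y -s "$ip/32" 22 -j ACCEPT
}

# When called with arguments, emit (or apply) the rules for that address.
if [ $# -gt 0 ]; then
    ssh_only_rules "$@"
fi
```

If the box is the rsync client rather than the server, the port numbers move to the remote side: allow output to destination port 22, and input from source port 22 with "! -y".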