* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [030620 09:49]:
> Hi
>
> I need help w/ simple iptables rules.
>
> Needs:
> to only allow ssh packets in and they would be over an
> ethernet interface.
>
> allow all outbound traffic

iptables -P INPUT DROP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Note, this also allows ICMP traffic. I believe this is a Good Thing.

Also, start with a clean slate (meaning flush all of your tables and
delete any user-defined tables you may have already created), before you
do this.

good times,
Vineet
--
http://www.doorstop.net/
--
I am mortified to be told that, in the United States of America,
the sale of a book can become a subject of inquiry, and of criminal
inquiry too. -- President Thomas Jefferson
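
An added example, not part of the original reply: the same ruleset written in iptables-restore format, so that the clean slate and the new rules are loaded in a single commit instead of command by command (typing `iptables -P INPUT DROP` first over an SSH session drops that session's packets until the accept rules are in). The function names and the `apply` argument are assumptions for illustration; `eth0` and port 22 come from the reply.

```shell
#!/bin/sh
# Added example: the reply's ruleset as an iptables-restore file.
# Function names and the "apply" argument are illustrative assumptions.

# Print the filter table. ":CHAIN POLICY" lines set the default policies;
# the rules keep the reply's order, because the first matching rule decides.
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
EOF
}

# 1-based position of the first INPUT rule containing the given text, 0 if none.
# Useful for checking that an ACCEPT still sits above the catch-all REJECTs.
rule_position() {
    emit_ruleset | grep -e '^-A INPUT' | grep -n -F -e "$1" \
        | head -n 1 | cut -d: -f1 | grep . || echo 0
}

# Validate first (--test parses without committing), then load.
# Without --noflush, iptables-restore replaces the filter table's existing
# rules and user-defined chains. Other tables (nat, mangle) are left alone.
apply_ruleset() {
    emit_ruleset | iptables-restore --test || return 1
    emit_ruleset | iptables-restore
}

# Only touch the firewall when asked to (needs root): sh ruleset.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
else
    emit_ruleset
fi
```

Run without arguments it only prints the ruleset for review; `iptables -S INPUT` after an `apply` shows what was actually loaded.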