Hi folks - I'm hoping someone will be kind enough to supply me with an example of how I might accomplish something - I have a bunch of systems on live internet addresses. I'm setting up iptables to restrict what these machines can do on the net. The ideal situation is:

- Complete access to the local subnet only
- Only SSH, POP3 and IMAP outbound connections to the rest of the net

This is done. Not that hard. The bit that's giving me grief is that I'd really like to allow incoming SSH access to these machines from anywhere on the net, but this isn't going to work out too well if outbound connections are denied. Is there an easy way to specify that outbound connections are OK if they're in response to an incoming connection on TCP port 22? I've been reading chunks of documentation here and there all morning and my brain is starting to dribble out of my ears. :)

Thanks,
Mike.
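The policy described in the post above, written out as an added example that is not part of the original message: a shell function that prints an `iptables-restore` ruleset in which connection tracking admits packets of already-accepted connections, so replies to inbound SSH go out while new outbound connections stay limited. The function name `emit_ruleset` and the subnet `192.0.2.0/24` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage (as root), parse-only first:
#   emit_ruleset 192.0.2.0/24 | iptables-restore --test
# 192.0.2.0/24 is a constructed placeholder for the local subnet.

emit_ruleset() {
    local_net="$1"
    # Accept only digits, dots and one slash, so the argument cannot
    # smuggle extra rule text into the generated ruleset.
    case "$local_net" in
        ""|*[!0-9./]*|*/*/*) echo "emit_ruleset: bad CIDR" >&2; return 1 ;;
        ?*/?*) ;;
        *) echo "emit_ruleset: bad CIDR" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Packets the state table cannot associate with any connection.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Packets of connections already accepted in either direction. The OUTPUT
# rule is what lets sshd answer inbound sessions; it never matches the
# first packet of a new outbound connection.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Complete access to the local subnet.
-A INPUT -s $local_net -j ACCEPT
-A OUTPUT -d $local_net -j ACCEPT
# New inbound connections: SSH from anywhere.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# New outbound connections: SSH, POP3 and IMAP only.
-A OUTPUT -p tcp -m multiport --dports 22,110,143 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

The ruleset mirrors the stated policy exactly, so it contains no outbound DNS rule; name resolution works only if the resolver sits on the local subnet.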
