[wplug] iptable problems
Romano, Christopher
cjr6 at exchange.cis.pitt.edu
Mon Dec 17 08:56:30 EST 2001
-----Original Message-----
From: coldfire
To: 'wplug at wplug.org'
Sent: 12/16/2001 6:29 PM
Subject: RE: [wplug] iptable problems
> > #SSH
> > iptables -A INPUT -i ppp0 -p tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> >You probably want --dport 22. This rule accepts any connection
> >originating from port 22 on the remote machine connecting to any port
> >on the machine you're trying to protect.
>
> I have this rule:
> iptables -A OUTPUT -o ppp0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
>but that rule specifies ppp0 as the outgoing interface ... if you want to
>be able to ssh into that particular machine, you should be concerned with
>the incoming interface.
>coldie
I have both of these rules.
iptables -A INPUT -i ppp0 -p tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
one for outgoing and one for incoming.
Chris
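
An added illustration, not part of the original thread: a shell function that reads iptables commands and flags any INPUT rule that accepts new connections while matching only on the remote source port, the case the `--dport 22` reply in this thread describes. The names `audit_input_rules` and `sample_rules` are hypothetical; the first two sample rules are the ones quoted in the thread, and the last three are constructed for comparison.

```shell
# Flag INPUT rules that ACCEPT new connections based only on the remote
# source port. The source port is chosen by the remote peer, so such a rule
# does not restrict which local port is reached.
audit_input_rules() {
    awk '
    /^[[:space:]]*#/ { next }                     # skip comment lines
    {
        chain = ""; sport = ""; dport = ""; states = ""; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "--sport" || $i == "--source-port") sport = $(i + 1)
            else if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (chain != "INPUT" || target != "ACCEPT") next
        if (sport == "" || dport != "") next      # only source-port-only matches
        # No state match at all, or NEW listed in the state set: new
        # connections are admitted.
        if (states == "" || ("," states ",") ~ /,NEW,/) print NR ": " $0
    }'
}

# Sample input. Lines 1-2 are the rules quoted in the thread. Lines 3-5 are
# constructed: line 3 is the reply half of an outbound SSH session
# (ESTABLISHED only), lines 4-5 are a pair for an inbound SSH server.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -i ppp0 -p tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Prints each flagged rule prefixed with its line number in the input.
sample_rules | audit_input_rules
```

The same function can be fed a saved rules script or the output of `iptables -S`, since both use the `-A CHAIN` form it parses.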