I think I see the problem. Basically, you want to use --dport, instead of --sport. For example, the way you have it now:

iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT

means that you'd be accepting connections with source ports 20:22. If I understand tcp/ip correctly, that could never happen with those ports, I think they're used only for responding to already initiated connections. So, if what you want to do is to allow connections on ports 20:22 in this example into your box, use --dport.

Greg

On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> Hello list,
> I've got the following iptables set.
> iptables -F
> iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
> I'm dmzed, and when I run this, it puts everything to filter.
> Any idea what I'm doing wrong?
> Thanks,
> ~~TheCreator~~
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

--
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

--
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
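
The --sport versus --dport difference discussed in the thread above, as an added example that is not part of either message: a stateless model of the posted INPUT chain that evaluates a few constructed packets under both match types. The helper names `in_spec` and `verdict` and the sample packets are assumptions made for illustration; only the port list comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: a stateless model of the INPUT chain
# above. No iptables or root needed; the packets are constructed samples.

# Port specs copied from the rules posted in the thread.
PORTS="20:22 80 110 3784 443 6666:6670 10000 20000"

# in_spec PORT SPEC: succeeds if PORT equals SPEC or lies inside LOW:HIGH.
in_spec() {
    case "$2" in
        *:*) [ "$1" -ge "${2%%:*}" ] && [ "$1" -le "${2##*:}" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# verdict FIELD SPORT DPORT: prints ACCEPT or DROP.
# FIELD=sport models the rules as posted, FIELD=dport the suggested fix.
# Falling through the loop models the "iptables -P INPUT DROP" policy.
verdict() {
    if [ "$1" = sport ]; then port=$2; else port=$3; fi
    for spec in $PORTS; do
        if in_spec "$port" "$spec"; then
            echo ACCEPT
            return 0
        fi
    done
    echo DROP
}

# Constructed inbound packets: source port, destination port, description.
printf '%-6s %-6s %-8s %-8s %s\n' SPORT DPORT '--sport' '--dport' PACKET
while read -r sp dp desc; do
    printf '%-6s %-6s %-8s %-8s %s\n' "$sp" "$dp" \
        "$(verdict sport "$sp" "$dp")" "$(verdict dport "$sp" "$dp")" "$desc"
done <<'EOF'
51515 22 new SSH client connecting to this host
40000 443 new HTTPS client connecting to this host
80 45000 reply from a remote web server to our own request
80 3306 peer with source port 80 reaching an unlisted local port
EOF
```

The source port is chosen by the remote peer, so the --sport rules drop ordinary clients of the listed services while accepting traffic to any local port. The model is stateless: with the --dport rules and a DROP policy, replies to the host's own outbound connections also need a connection-tracking rule such as `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`.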