> whoops - forgot this is a dual homed computer and I am opening the eth0 to
> the outside world for ssh.
> I did find this -
> iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
> iptables -A INPUT -p tcp --syn -j DROP
> this confuses me because of the "DROP" and the "--syn"
> Thanks,
> Doug
>
> -----Original Message-----
> From: Simpson, Doug
> Sent: Tuesday, January 14, 2003 1:59 PM
> To: 'netfilter@lists.netfilter.org'
> Subject: ssh
>
>
> I have a computer I want to ssh to from the internet. What is the IPTABLES
> command to open this port?
> Thanks,
> Doug
>

if you're opening ssh to the machine itself then:

/sbin/iptables -A INPUT -p tcp -i eth0 -d <eth0 IP address> --dport 22 -j ACCEPT
/sbin/iptables -A OUTPUT -p all -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

if for a host behind the firewall:

/sbin/iptables -A FORWARD -p tcp -i eth0 -o ethx -d <ssh server ipaddress> --dport 22 -j ACCEPT
/sbin/iptables -A FORWARD -p all -m state --state RELATED,ESTABLISHED -j ACCEPT

some of those interface settings aren't compulsory, like in the forward chain,
but I like to put them in. I would suggest them though for the INPUT and OUTPUT
chains as you have more than one interface.

Oh and maybe set the default policy of all to DROP.

HTH
Zz
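
Added example (not part of either message, and not iptables code): a small shell model of how the two --syn rules quoted above treat incoming TCP packets. It assumes the INPUT chain's default policy is ACCEPT unless told otherwise and takes --syn as the iptables man page documents it (--tcp-flags SYN,RST,ACK,FIN SYN); the helper names has_flag, is_syn, verdict and demo and the sample packets are constructed for illustration.

```shell
# Model (not iptables code) of the quoted pair of --syn rules on the INPUT chain.
# Helper names and sample packets are constructed for illustration.

# has_flag FLAGS NAME -> true if NAME is in the comma-separated FLAGS list
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_syn FLAGS -> true when the packet matches --syn, documented as
# --tcp-flags SYN,RST,ACK,FIN SYN: SYN set, and RST, ACK and FIN all clear.
is_syn() {
    has_flag "$1" SYN || return 1
    for f in RST ACK FIN; do
        if has_flag "$1" "$f"; then return 1; fi
    done
    return 0
}

# verdict FLAGS DPORT [POLICY] -> prints the fate of the packet.
# Rules are checked in order, first match wins, otherwise the chain policy applies.
verdict() {
    flags=$1 dport=$2 policy=${3:-ACCEPT}   # assumption: policy defaults to ACCEPT
    # Rule 1: -p tcp --syn --destination-port 22 -j ACCEPT
    if is_syn "$flags" && [ "$dport" -eq 22 ]; then
        echo "ACCEPT (rule 1)"; return
    fi
    # Rule 2: -p tcp --syn -j DROP
    if is_syn "$flags"; then
        echo "DROP (rule 2)"; return
    fi
    echo "$policy (policy)"
}

# Constructed sample packets, one per line: flags, destination port, description
demo() {
    while read -r flags dport note; do
        printf '%-8s dport=%-5s %-16s %s\n' "$flags" "$dport" "$(verdict "$flags" "$dport")" "$note"
    done <<'EOF'
SYN 22 new inbound ssh connection
SYN 23 new inbound connection to another port
SYN,ACK 40000 reply to a connection this host opened
ACK 22 later packet of the accepted ssh session
EOF
}

demo
```

Passing DROP as the third argument to verdict models a default DROP policy, where packets that match neither rule are no longer accepted by falling through.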