On Tue 14 Jan 2003 21:28, Simpson, Doug wrote:
> whoops - forgot this is a dual homed computer and I am opening the eth0 to
> the outside world for ssh.
> I did find this -
> iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT

With this rule you mean you accept every incoming packet from the internet through port 22, and especially packets with the SYN,RST,ACK bits set to 1 (you accept that people may establish a connection to port 22)

> iptables -A INPUT -p tcp --syn -j DROP

And, outside of that, every incoming TCP packet is DROPped

-Miguel Angel Baeyens
KeyID: 0x6FB7A511 at rediris.es
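
As an added example that is not part of the original message: a small Python model of how the two quoted INPUT rules are evaluated in order, using the definition of `--syn` from the iptables-extensions man page (SYN set; ACK, RST and FIN clear). The packets are constructed, and the chain policy is an assumption because the message does not state it.

```python
# Model of first-match rule evaluation for the two quoted INPUT rules.
# This is not iptables itself; it only mirrors the matching logic.
from dataclasses import dataclass

SYN, ACK, RST, FIN = "SYN", "ACK", "RST", "FIN"


@dataclass(frozen=True)
class Packet:
    dport: int          # TCP destination port
    flags: frozenset    # TCP flags set on the segment


def is_syn(pkt):
    """--syn: SYN set while ACK, RST and FIN are clear
    (documented as equivalent to --tcp-flags SYN,RST,ACK,FIN SYN)."""
    return pkt.flags & {SYN, ACK, RST, FIN} == {SYN}


# The rules in the order they were appended with -A.
RULES = [
    # iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
    (lambda p: is_syn(p) and p.dport == 22, "ACCEPT"),
    # iptables -A INPUT -p tcp --syn -j DROP
    (lambda p: is_syn(p), "DROP"),
]


def verdict(pkt, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies.
    The policy value is an assumption, it is not given in the message."""
    for match, target in RULES:
        if match(pkt):
            return target
    return policy


# Constructed sample packets.
SAMPLES = {
    "new ssh connection": Packet(22, frozenset({SYN})),
    "new http connection": Packet(80, frozenset({SYN})),
    "syn-ack reply to our outbound connection": Packet(40000, frozenset({SYN, ACK})),
    "data on an existing ssh session": Packet(22, frozenset({ACK})),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:45s} -> {verdict(pkt)}")
```

Segments that are not connection-opening SYNs match neither rule, so their fate depends entirely on the INPUT chain policy.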