By chance, do you have a * in hosts.deny? This is not an iptables problem.

IMO, you are denying everything and only including what you have in hosts.allow, since it runs before hosts.deny. That would allude to your hosts.deny being restrictive which is fine, but it means that you can't easily allow dynamic connections.

Maybe you can check the pattern matches in "man hosts.allow" to see what can be done to limit the number of entries you need to add to the list.

-----Original Message-----
From: tamato@xxxxxxxxx [mailto:tamato@xxxxxxxxx]
Sent: Thursday, April 10, 2003 11:25 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Iptables & Remote SSH Sorrows

I have configured iptables to allow ssh connections. However, no one is able to connect unless I add their IP address to the /etc/hosts file. Since my remote users are on dynamic IPs - their address changes each time they log in to their internet accounts. Is there a way to configure iptables or another system file that would allow ssh connections from any IP?

My setup:

OS......: Linux
Kernel: 2.4.18
Distro..: RedHat 8.0 (2.4.18-27.8.0)
Iptables: 1.2.6a-2

[remote users]---->(internet)<----[linux box]

Iptables SSH command (loaded from /etc/init.d/iptables script):

iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT

Any insight or help would be much appreciated. Thanks.

-tom-
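
Added example, not part of the original thread: a small Python model of the TCP wrappers lookup the reply refers to (hosts.allow is consulted first, then hosts.deny, otherwise access is granted), showing why a deny-all hosts.deny forces per-address entries and how an ALL or prefix pattern covers dynamic addresses. It assumes TCP wrappers is what is filtering sshd; the file contents and addresses are constructed, and only the ALL, address-prefix and dotted net/mask client patterns for IPv4 are modelled.

```python
import ipaddress

# Constructed sample files (documentation address ranges, not from the thread).
DENY_ALL = "ALL: ALL\n"
ALLOW_LISTED = "sshd: 192.0.2.10\n"
ALLOW_SSH_ANY = "sshd: ALL\n"
ALLOW_RANGES = "sshd: 198.51.100., 203.0.113.0/255.255.255.0\n"

def parse_rules(text):
    """Return (daemons, clients) pairs from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")  # a third field (options) is ignored here
        if len(fields) < 2:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "198.51.100." matches any address with that prefix
        return ip.startswith(pattern)
    if "/" in pattern:  # net/mask with a dotted mask: (address AND mask) == net
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ipaddress.IPv4Address(ip)) & mask) == net
    return pattern == ip

def file_matches(text, daemon, ip):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in parse_rules(text)
    )

def allowed(daemon, ip, hosts_allow, hosts_deny):
    """hosts.allow match grants; else hosts.deny match refuses; else granted."""
    if file_matches(hosts_allow, daemon, ip):
        return True
    return not file_matches(hosts_deny, daemon, ip)

if __name__ == "__main__":
    for name, allow in [("listed", ALLOW_LISTED), ("any", ALLOW_SSH_ANY), ("ranges", ALLOW_RANGES)]:
        print(name, allowed("sshd", "198.51.100.23", allow, DENY_ALL))
```

With the deny-all file in place, only the `sshd: ALL` and range variants admit an address that was never listed individually, and `sshd: ALL` leaves other wrapped daemons denied.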