> Yes. But if you just want to allow ssh and web do the following:
> # Allow ssh and web access to the firewall box
> iptables -t filter -A INPUT -i $EXTIF -m match NEW,RELATED,ESTABLISHED
> -j ACCEPT
> # Allow the firewallbox to answer
> iptables -t filter -A OUTPUT -o $EXTIF -m match RELATED,ESTABLISHED -j
> ACCEPT

For allowing only ssh and web, the incoming rule should be:

iptables -t filter -A INPUT -i $EXTIF -p tcp -m multiport --dports 80,443,22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Greetings,
Thorsten

--
Thorsten Scherf, RHCE, RHCX
GPG-Key 1024D/FFD73659
Fingerprint: 6ADE D9C6 CB90 958F BDBE 8D2E EAE8 4FE6 FFD7 3659