----- Original Message -----
From: "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Sunday, July 20, 2003 11:09 AM
Subject: RE: rules for ssh

> > Is there any other rule to allow ssh from an internal network
> > to the server.
> >
> > till now i have used a rule like this:
> >
> > $iptables -A tcp-packets -p TCP -s xxx.xxx.xxx.xxx -allowed
>
> I guess this rule is not working, worse : it should generate an error as
> I don't think "-allowed" will be recognized.
> And if it would work then it would open all tcp services, not just ssh.

There is my typing mistake here, but on my server it is written correctly: '-j allowed'. And I tried this way, just to be sure that all services are allowed in that private IP.

It is solved now. I was so tired that day and I forgot that this private IP I mentioned was behind another real yyy.yyy.yyy.yyy IP that was not allowed to use ssh port. So I couldn't enter to my destination zzz.zzz.zzz.zzz IP.

> Let's say your internal network is 192.168.1.0/24. Try this :
> (You can substitute INPUT for tcp-packets if you like.)
> $iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT

Yeah. This is a careful rule for one service. It's time to see more on security now.

>
> Gr,
> Rob

Thanks for your help
Tani
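
The following is an added example, not part of the original thread: it reads netfilter LOG lines and reports which SSH connection attempts arrive from a source address that the `-s 192.168.1.0/24` match would not accept, which is how a client sitting behind another address shows up on the server. The log lines, the LOG rule that would produce them, and the 203.0.113.7 gateway address are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Source network from the rule in the thread: -s 192.168.1.0/24 --dport 22
ALLOWED_SRC = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the format the netfilter LOG target writes, as if a
# '-j LOG --log-prefix "fw-in: "' rule logged inbound TCP ahead of the ACCEPT rule.
# 203.0.113.7 is a made-up public address standing in for the NAT gateway.
SAMPLE_LOG = """\
Jul 20 11:02:13 fw kernel: fw-in: IN=eth0 OUT= SRC=192.168.1.15 DST=192.168.1.1 LEN=60 TTL=64 ID=4121 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 11:02:41 fw kernel: fw-in: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 ID=9930 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 11:02:44 fw kernel: fw-in: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 ID=9931 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 11:03:02 fw kernel: fw-in: IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 ID=9950 DF PROTO=TCP SPT=51600 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; bare flags such as SYN are handled separately


def ssh_syn_sources(log_text):
    """Count source addresses of new TCP connection attempts to port 22."""
    seen = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "22":
            continue
        flags = set(line.split())
        if "SYN" not in flags or "ACK" in flags:
            continue  # keep only initial SYNs, not replies or established traffic
        if fields.get("SRC"):
            seen[fields["SRC"]] += 1
    return seen


def sources_outside_rule(log_text, allowed=ALLOWED_SRC):
    """Sources the server actually sees that the -s match would not accept."""
    return sorted(
        src for src in ssh_syn_sources(log_text)
        if ipaddress.ip_address(src) not in allowed
    )


if __name__ == "__main__":
    for src, count in ssh_syn_sources(SAMPLE_LOG).items():
        ok = ipaddress.ip_address(src) in ALLOWED_SRC
        print(f"{src}: {count} SYN(s), {'matches' if ok else 'does NOT match'} -s {ALLOWED_SRC}")
```
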