Bryan Christ <bryan.christ@xxxxxxxxxxxxx> writes:

> I locked myself out of my server until I rebooted it. My goal was to lock down everything and allow only SSH connectivity. Can anyone show me where my logic went wrong? Here was the fatal script which I wrote:
>
> /sbin/iptables -F INPUT
> /sbin/iptables -A INPUT -s 0/0 -j DROP

First, you drop EVERYTHING from EVERYWHERE.

> /sbin/iptables -A INPUT -s 0/0 -m state --state NEW,ESTABLISHED -p tcp --dport 22 -j ACCEPT

Then you allow SSH from everywhere else, which is... NOWHERE.

> My guess is that I missed accepting syn packets, but I'm not ready to "try" again.

Instead, get familiar with the principle that "order does matter".

--
Bjørn
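The same "SSH only" goal with the rules in an order that works, added here as an example (not the script of either poster). It keeps the original order alongside for comparison, reads the iptables path from an assumed IPT variable so it can be dry-run with IPT=echo, and adds an assumed arm_rollback helper that flushes INPUT after a delay so a mistaken rule set does not require a reboot.

```shell
#!/bin/sh
# Added example, not from the thread. IPT=echo prints the rules instead of
# applying them; the default assumes iptables lives at /sbin/iptables.

# The order from the question: the catch-all DROP is first, so the ACCEPT
# that follows it is never consulted and SSH is blocked along with the rest.
broken_ssh_only() {
    ipt="${IPT:-/sbin/iptables}"
    "$ipt" -F INPUT
    "$ipt" -A INPUT -s 0/0 -j DROP
    "$ipt" -A INPUT -s 0/0 -m state --state NEW,ESTABLISHED -p tcp --dport 22 -j ACCEPT
}

# Corrected order: iptables stops at the first rule that matches, so every
# ACCEPT has to sit above the catch-all DROP, which goes last.
fixed_ssh_only() {
    ipt="${IPT:-/sbin/iptables}"
    "$ipt" -F INPUT
    # loopback traffic, which many local daemons rely on
    "$ipt" -A INPUT -i lo -j ACCEPT
    # replies to connections already accepted or started by this host
    "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # new SSH connections from anywhere (-s 0/0 is the default, so omitted)
    "$ipt" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # everything that did not match above
    "$ipt" -A INPUT -j DROP
}

# Safety net when changing rules over SSH: flush INPUT after N seconds
# (default 120) unless the background job is killed once SSH still works.
arm_rollback() {
    ipt="${IPT:-/sbin/iptables}"
    ( sleep "${1:-120}" && "$ipt" -F INPUT ) &
    echo "rollback armed: kill $! to keep the new rules"
}

# Position (1-based) of the first emitted rule matching a pattern, 0 if none;
# used to confirm that the SSH ACCEPT comes before the DROP in a dry run.
rule_position() {
    pos=$(printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1)
    echo "${pos:-0}"
}
```

Run a dry run first (IPT=echo fixed_ssh_only) and compare the position of the --dport 22 rule with that of -j DROP before applying anything for real.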