And use the public-key ;)

----- Original Message -----
From: "Georgi Alexandrov" <georgi.alexandrov@xxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, December 09, 2005 10:23 PM
Subject: Re: opening port for SSH

> Edwin Kapauni wrote:
>
> > From the recent thread
> > <http://www.spinics.net/lists/netfilter/msg33021.html> I have adopted
> > this ruleset for a standalone computer.
> >
> > Now, I need some help teaching me how to open ports for SSH and VoIP.
> > That shouldn't be too difficult, right?
> >
> > ######################### start ###########################
> >
> > iptables -F
> > iptables -X
> > iptables -Z
> > iptables -t nat -F
> > iptables -t nat -X
> > iptables -t nat -Z
> > iptables -t mangle -F
> > iptables -t mangle -X
> > iptables -t mangle -Z
> >
> > iptables -P INPUT DROP
> > iptables -P FORWARD DROP
> > iptables -P OUTPUT ACCEPT
> >
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -i lo -j ACCEPT
> > iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT
> > iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT
> > iptables -A INPUT -p icmp --icmp-type 12 -j ACCEPT
> > iptables -A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset
> >
> > ############################# end #################################
> >
> > Thanks for any help.
> >
>
> If you are running your ssh server on port 22, you should add the
> following line to the script:
> iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT
>
> But I highly recommend binding the ssh server to a higher port.
>
> regards,
> Georgi Alexandrov