That was it - works perfectly. Now I have a baseline and can start tweaking and logging from there. I will do as others have suggested, and either only allow SSH from one IP address or range, OR use the pubkey suggestion. Thanks!

Scott Miller

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Mike Wright
Sent: Friday, March 27, 2009 1:55 PM
To: Scott Miller
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Verify rules

Mike Wright wrote:
> Scott Miller wrote:
>> Thanks for the suggestions
>
> *filter
> :INPUT DROP [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED
                                                ^^^^^^^^

Sorry, it's been a long week. The above line should read:

> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A INPUT -p tcp -m multiport --dports 22,25,53,80,110,873,993,10000 -m state --state NEW -j ACCEPT
> -A INPUT -p udp -m multiport --dports 53,123,873 -m state --state NEW -j ACCEPT
> -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
> COMMIT

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
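The thread above turns on two things: a rule line that lost its `-j ACCEPT` target, and the follow-up advice to allow SSH only from one address or range. The script below is an added example, not code from either poster: `gen_rules` emits the corrected rule set in iptables-restore format with the SSH rule split out and limited to a source network (`SSH_SRC` is an assumed placeholder, 192.0.2.0/24, to be replaced with the real admin range), and `lint_rules` scans any iptables-save style rule set on stdin for `-A`/`-I` lines that carry no `-j`/`-g` target, which is exactly the defect the thread was chasing.

```shell
#!/bin/sh
# Added example, not from the netfilter thread: generate the corrected
# rule set with SSH restricted to one source range, and lint a rule set
# for -A/-I lines that have no jump target.

# Assumed placeholder admin network; override with SSH_SRC=... in the environment.
SSH_SRC="${SSH_SRC:-192.0.2.0/24}"

# gen_rules: print the rule set in the format iptables-restore reads.
# Port 22 is pulled out of the multiport list so it can carry a -s match.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -s $SSH_SRC -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,53,80,110,873,993,10000 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,123,873 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# lint_rules: read a rule set on stdin, report every -A or -I rule that
# has no -j/-g target (such a rule matches packets but does nothing),
# and return 1 if any were found, 0 otherwise.
lint_rules() {
    awk '
        /^-(A|I) / && !/ -[jg] / { print "missing target: " $0; bad = 1 }
        END { if (bad) exit 1; exit 0 }
    '
}

# Typical use: lint first, then let iptables-restore parse without committing.
#   gen_rules | lint_rules && gen_rules | iptables-restore --test
```

Running `gen_rules | lint_rules` on the corrected set prints nothing and exits 0; feeding it the original `-A INPUT -m state --state ESTABLISHED,RELATED` line reports it as missing a target. The lint only catches this one class of mistake; `iptables-restore --test` still has to validate the syntax and module options before the set goes live.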