Hi there,

I used to do NAT filtering with the PREROUTE chain, but in the latest version I see that is no longer possible. After trying to adjust my scripts I did:

    # allow TCP PORT 22
    iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT # ssh
    # block everything else
    iptables -t filter -A FORWARD -j DROP

Am I doing it in the correct way? The problem is, I cannot access the 22 port to the outside world when the DROP rule is applied.

Jorge