You need to allow the return traffic also. This can be done with connection tracking and the state match.

/Oskar

2009/6/24 Jorge Bastos <mysql.jorge@xxxxxxxxxx>:
> Hi there,
> I used to do nat filtering with the PREROUTE chain, but in the latest
> version I see that is no longer possible.
> After trying to adjust my scripts I did:
>
>
> #allow TCP PORT 22
> iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT # ssh
> #block everything else
> iptables -t filter -A FORWARD -j DROP
>
>
> Am I doing it in the correct way?
> The problem is, I cannot access the 22 port to the outside world when the
> DROP rule is applied.
>
> Jorge,
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
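The FORWARD chain with the state match Oskar describes, as an added example that is not part of the original thread: the rule accepting ESTABLISHED,RELATED packets goes before the DROP so the replies to an outbound ssh connection are not discarded, and only NEW connections to port 22 are let through. The IPT variable is an assumption of this example; it defaults to a dry run that prints the commands instead of applying them.

```shell
#!/bin/sh
# Stateful version of the FORWARD chain from the thread.
# IPT defaults to a dry run (prints the commands); run with
# IPT=iptables as root to actually load the rules.
IPT="${IPT:-echo iptables}"

forward_rules() {
    # Packets belonging to a connection conntrack has already seen
    # (SYN/ACK, data, FIN) or related to one (e.g. ICMP errors) must
    # be accepted first, otherwise the final DROP kills the return path.
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only the first packet of a new connection to tcp/22 is allowed.
    $IPT -t filter -A FORWARD -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Everything else, including unsolicited inbound traffic, is dropped.
    $IPT -t filter -A FORWARD -j DROP
}

forward_rules
```

Rule order matters: with the DROP appended last and the state rule first, a packet is only dropped if conntrack has no entry for it and it is not a new ssh connection.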