>> Can you guys help on this? Sorry but I really have no idea, with the
>> PREROUTING it was easy for me.
> You can add -i and -o to specify the incoming and outgoing interface to
> distinguish from the Internet and the LAN-side.

No luck: I think it's always better to first allow, and drop in the end, no?

iptables -t filter -A FORWARD -p tcp --dport 22 -j ACCEPT
iptables -t filter -A FORWARD -m state --state NEW -p tcp --dport 22 -j ACCEPT
or
iptables -t filter -A FORWARD -o eth1 -m state --state NEW -p tcp --dport 22 -j ACCEPT
iptables -t filter -A FORWARD -j DROP

No luck.