> You are always advised to make the default rule (i.e. policy) drop with
> any firewall then only explicitly allow traffic you wish to allow:
>
> (I am assuming here you want to allow connections *to* port 22 on the
> external network from your internal network, for my example the
> internal network has an IP address of 192.168.0.0/24)
> iptables -t filter -F FORWARD # Clear out what exists already
> iptables -t filter -P FORWARD -j drop # Set default to drop
> iptables -t filter -A FORWARD -s 192.168.0.0/24 -d ! 192.168.0.0/24 -p
> tcp --dport 22 -j ACCEPT

cisne:/etc/rc.d# iptables -t filter -P FORWARD -j DROP
iptables v1.4.4: -P requires a chain and a policy
Try `iptables -h' or 'iptables --help' for more information.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
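
The default-drop FORWARD setup discussed in this thread, as an added example that is not part of either message: it uses the `-P <chain> <policy>` form that the error message asks for, and adds a rule for reply packets, which a DROP policy would otherwise discard. `IPT`, `INTERNAL_NET` and `apply_forward_policy` are names assumed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: INTERNAL_NET is the
# 192.168.0.0/24 network used in the quoted post; IPT and the function
# name are illustrative. Set IPT=echo to print the commands instead of
# applying them.
IPT="${IPT:-iptables}"
INTERNAL_NET="${INTERNAL_NET:-192.168.0.0/24}"

apply_forward_policy() {
    # Clear out the existing FORWARD rules.
    $IPT -t filter -F FORWARD || return 1

    # -P takes a chain and a policy. There is no -j, and the policy
    # name is upper case (target names are case-sensitive).
    $IPT -t filter -P FORWARD DROP || return 1

    # With a DROP policy the reply packets must be allowed explicitly,
    # otherwise the SSH handshake never completes.
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED \
        -j ACCEPT || return 1

    # New SSH connections from the internal network to anywhere else.
    # The "!" goes before -d; "-d ! addr" is the deprecated form.
    $IPT -t filter -A FORWARD -s "$INTERNAL_NET" ! -d "$INTERNAL_NET" \
        -p tcp --dport 22 -m state --state NEW -j ACCEPT || return 1
}

# Apply only when asked to, so the file can be sourced and reviewed first.
if [ "${1:-}" = "apply" ]; then
    apply_forward_policy
fi
```

Running it with `IPT=echo` first shows the four commands without touching the live ruleset.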