Re: ssh overflow blacklisting not working properly

My bad... you still need a rule to accept ssh traffic...

so add a fourth rule

-A INPUT -p tcp --dport ssh -m state --state NEW -j ACCEPT

and a fifth
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

The fourth rule accepts SSH which hasn't been dropped by the first 3
rules, the fifth just allows established sessions and related.

You'll need to tighten the fourth rule as appropriate, but you don't
need to add the rate limiting stuff as that's dealt with, so just
tighten allowed addresses, ports etc.

(Tip: unless you've moved a service from its usual port you can use
the name from /etc/services for the port number, and for the -p
<protocol> you can use the names from /etc/protocols)


-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
