Hello.

I've been using the following iptable for ssh changed port on Fedora, where the pc is not behind a wireless router.

1. How should this table change if the pc now is behind a router?
2. Are the lines for dport 500, 5353, 631, 137, 138 necessary?

Thanks,
Henry E.

----------------------------------------------------------------------

> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *nat
> :PREROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A PREROUTING -i eth0 -p tcp --dport ### -j DNAT --to-destination ##.###.###.###:###
> COMMIT
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p ah -j ACCEPT
> -A INPUT -p esp -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport ### -j ACCEPT
> -A INPUT -j LOG --log-prefix firewall:
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
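
One way to check the second question, as an added example that is not part of the original post: compare the ports the filter table accepts against the sockets actually listening on the host, since an ACCEPT rule for a port with no listener only widens the ruleset. The port 2222 (standing in for the redacted "###"), the `ss -H -lntu` sample output, and the function names are assumptions made for illustration.

```python
import shlex
# Rules from the post; 2222 stands in for the redacted "###" SSH port (constructed).
RULES = """\
*filter
-A INPUT -p ah -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
"""
# Constructed sample of `ss -H -lntu` output (listening TCP/UDP sockets, no header).
LISTENERS = """\
udp UNCONN 0 0   0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0   0.0.0.0:631  0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
tcp LISTEN 0 128 [::]:2222    [::]:*
"""
# Services that normally use the ports the post asks about.
SERVICES = {"500": "IKE (IPsec)", "5353": "mDNS", "631": "IPP/CUPS",
            "137": "NetBIOS name", "138": "NetBIOS datagram"}

def accepted_ports(rules):
    """(proto, dport) for each filter-table INPUT rule that ACCEPTs a port."""
    out, table = [], None
    for line in rules.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line.strip()          # table marker such as *nat or *filter
        elif table == "*filter" and tok[:2] == ["-A", "INPUT"] and "--dport" in tok:
            if tok[tok.index("-j") + 1] == "ACCEPT":
                out.append((tok[tok.index("-p") + 1], tok[tok.index("--dport") + 1]))
    return out

def listening(ss_output):
    """Set of (proto, port) parsed from `ss -H -lntu` lines (IPv4 and IPv6)."""
    return {(f[0], f[4].rsplit(":", 1)[1])
            for f in map(str.split, ss_output.splitlines()) if len(f) >= 5}

def unused_rules(rules, ss_output):
    """Accepted ports with no local listener: candidates for removal."""
    live = listening(ss_output)
    return [(p, d, SERVICES.get(d, "?")) for p, d in accepted_ports(rules) if (p, d) not in live]

if __name__ == "__main__":
    for proto, port, svc in unused_rules(RULES, LISTENERS):
        print(f"{proto}/{port} ({svc}): accepted by the firewall, nothing listening")
```

The `ah` and `esp` rules carry no port and are skipped by this check; they belong with the UDP 500 rule as the IPsec set.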