Hi.
I was expecting that the following command would allow SSH traffic to my box: iptables -A INPUT -j ACCEPT -i eth0 -p TCP --destination-port 22
It doesn't work at all, and I can't ssh anywhere else either. I ran iptables -F before the rule.
This is a Suse 9.3 box. I would like to allow all outgoing traffic, but only allow SSH coming in.
You need to have a rule on the OUTPUT chain to allow all traffic, or have the OUTPUT policy set to ACCEPT.
You also need to have a rule on the INPUT chain to allow ESTABLISHED and RELATED packets in, otherwise if you try to establish an outgoing connection of any sort, the packets you send will get out, but the packets coming back will not get in.
Thanks for this. It's broken less badly now.
I have iptables -F iptables -A INPUT -i eth0 -s 0/0 -d myiip -p tcp --destination-port 22
-j ACCEPT iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Unfortunately, running iptables -L hangs now.
I can now ssh to this machine from another, but incoming traffic seems blocked, depsite the default OUTPUT policy set to ACCEPT.
Your first two commands are okay. You could get rid of -s 0/0 as that does nothing.
Your last command is incorrect; you merged two needed commands together. You need:
To let responses to your OUTPUT packets get in, you need: iptables -A INPUT -i eth0 -d myiip -m state --state ESTABLISHED,RELATED -j ACCEPT
If your output policy is not ACCEPT, you also need: iptables -A OUTPUT -o eth0 -j ACCEPT
If you don't already have them, you should probably have INPUT and OUTPUT rules to ACCEPT on the "lo" interface.
you've probably got no DNS. try
iptables -nL
Thanks! It all works now :)
That did it - thanks.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.