a script problem
Tzafrir Cohen
tzafrir@technion.ac.il
Tue, 22 Jan 2002 11:13:14 +0200 (IST)
On Mon, 21 Jan 2002, Kevin Smith wrote:
> I changed the last script and took out anything
> referring to forwarding packets. All I want to do is
> drop everything, except a few things in and out. No
> forwarding. (Not yet at least) The most important thing
> I need is to be able to connect through SSH from
> another machine. If I comment out these two lines,
> everything is accepted and I can connect.
>
> $IPTABLES -A INPUT -i $NET_IF -j DROP
> $IPTABLES -A OUTPUT -o $NET_IF -j DROP
>
> If I leave them I cannot connect at all. Even though I
> explicitly have a rule that accepts SSH connections.

What about outgoing ssh traffic? Isn't it dropped?

Just a standard debugging procedure that might save you some time:
Log every packet you drop (on each rule: with a different name).
Then try to connect, and see where packets are dropped.
--
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir
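
The debugging procedure suggested in the message, as an added example that is not part of the original e-mail or the poster's script: each final DROP rule gets a LOG rule with its own prefix in front of it, and a small helper counts drops per prefix. The prefixes DROP-IN and DROP-OUT, the interface eth0, the helper names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Dry run by default: the rules are only printed.
# Set IPTABLES=/sbin/iptables and run as root to apply them.
IPTABLES="${IPTABLES:-echo iptables}"
NET_IF="${NET_IF:-eth0}"            # assumed interface name

# Append a LOG rule with its own prefix, then the matching DROP rule.
# $1 = chain, $2 = -i or -o, $3 = log prefix (the kernel keeps at most 29 characters)
log_and_drop() {
    $IPTABLES -A "$1" "$2" "$NET_IF" -j LOG --log-prefix "$3 "
    $IPTABLES -A "$1" "$2" "$NET_IF" -j DROP
}

# The two catch-all rules from the quoted script, each with a distinct name.
final_rules() {
    log_and_drop INPUT  -i DROP-IN
    log_and_drop OUTPUT -o DROP-OUT
}

# Read kernel log text on stdin and print "PREFIX=count" per drop rule.
drops_by_prefix() {
    grep -o 'DROP-[A-Z]*' | sort | uniq -c | awk '{print $2 "=" $1}'
}

# Constructed log lines (not captured from a real host).
# SPT=22 under DROP-OUT is the SSH server's reply leaving the box.
sample_log() {
cat <<'EOF'
Jan 22 11:20:01 fw kernel: DROP-OUT IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=22 DPT=40112 ACK SYN
Jan 22 11:20:04 fw kernel: DROP-OUT IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=22 DPT=40112 ACK SYN
Jan 22 11:20:09 fw kernel: DROP-IN IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=137
EOF
}

final_rules
sample_log | drops_by_prefix
```

On a live system, feed `drops_by_prefix` from the kernel log (for example `dmesg`) after a connection attempt instead of `sample_log`.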