Mon, 24 Jun 2002 14:31:28 +0100
On Monday 24 June 2002 1:23 pm, Daniel Sercaianu wrote:
> How can I drop ssh packets for destination hosts to which destination port
> is unknown and different from 22/tcp?
I can think of two answers to this:
1. You can't. Netfilter / IPtables works by port number, not by content, so
you can only filter by port number.
2. You allow through the traffic on the port numbers you want, and you block
everything else. Doesn't stop someone running an SSH server on port 80,
though, if you're trying to allow web access.
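
The second answer above, sketched as an added example that is not part of the original message: a default-deny forwarding policy with an allowlist of TCP destination ports. The function names, the `IPT` variable, the choice of the FORWARD chain and the sample ports 22 and 80 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny forwarding with a TCP destination-port allowlist.
# Assumptions (not from the original message): the function names, the IPT
# variable, the FORWARD chain, and the sample ports 22 and 80.

# Dry run by default: rules are printed, not applied.
# Run with IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

build_forward_allowlist() {
    # Validate every port first so a bad argument never leaves a
    # half-built ruleset in place.
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
    done

    $IPT -P FORWARD DROP          # anything not matched below is dropped
    $IPT -F FORWARD               # start from an empty chain
    # Replies and related packets for connections already allowed.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections only to the allowed destination ports.
    for port in "$@"; do
        $IPT -A FORWARD -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
}

# SSH to any port other than 22 or 80 is dropped because the port is not
# allowed. The match is on port number only: an SSH server listening on
# port 80 would still pass the port-80 rule.
build_forward_allowlist 22 80
```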