Filtered address in can login

Nikolai Alexandrov voyager123bg at
Tue Aug 16 19:34:59 CEST 2005

Are you sure your default POLICIES are ok? I mean...
do you have somewhere:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
... your script ...
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You should also consider adding rules for the DNS to work.

vladimir wrote:

>Hi, I have iptables-1.2.7a and 2.4.26 kernel and there is something
>I have the following rule:
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>iptables -A INPUT -s 0/0 --protocol tcp --destination-port 80 -j ACCEPT
>iptables -A INPUT -s IP_ADDR  --protocol tcp --destination-port 22  -j
>iptables -A INPUT -p tcp --syn -j DROP
>So I expect that only  the specified IP_ADDR can ssh to port 22 in my
>But in /var/log/secure I see that some other IP's for example
> try to login to ssh  with different user names to my
>However, then I try ssh to that server not from IP_ADDR I can not, as
>Please tell me how this bypass my firewall.
>Thank you very much, 

More information about the netfilter mailing list