I'm not sure how to do this with ipchains, but in iptables it's as simple as:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-- which accepts only tcp packets soming destined for only this machine
through port 22, which is what sshd listens to by default. Of course, on the
box this is on, everything else is flat dropped and SYN packets are logged,
then dropped. UDP port 22 is closed and doesn't register with nmap.
Glen
On Tuesday 16 April 2002 18:32, you wrote:
> On Tue, Apr 16, 2002 at 09:23:27AM -0400, Russell Hires wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > So the output statement lets stuff out? I have no problem with traffic
> > going out, either from the firewall computer or the ones inside the
> > firewall. But if I want to contact my firewall computer via ssh from
> > somewhere besides my home network...how would I allow that? I thought it
> > would be as simple as ipchains -A input -l -i ppp0 -d 0.0.0.0/0 22 -p TCP
> > -j ACCEPT
> >
> > but it hasn't worked out that way...
> >
> > Still thinking hard about all this.... :-)
>
> According to my /etc/services file, ssh also wants UDP traffic on this
> port, so you might need:
>
> ipchains -A input -l -i ppp0 -d 0.0.0.0/0 22 -p UDP -j ACCEPT
>
> I'd suggest looking at each line in your firewall script and, with
> your man pages in hand, tracking down what each line does. Eventually,
> any problems should pop out at you. In lieu of someone being able to
> specifically answer your specific question, this is your best bet.
>
> I'm not an expert on this-- I've only done what I described above.
> Otherwise, I'd tell you exactly what to do.
>
> Another (probably silly) question: is sshd running on this box?
>
> Paul
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:11:35 EDT