On Thursday 03 January 2008 12:37:56 Christopher Chan wrote:
Too bad you missed the documentation on netfilter then. It would have told you that the INPUT chain controls what comes to the box, the OUTPUT chain what originates from the box and the FORWARD chain what goes through the box.
You would have needed a rule in FORWARD to allow ssh connections through the box. The rules in the INPUT and OUTPUT chains would have zero effect on connections going through.
It might also help if we put a rule that will log what happens for troubleshooting. Put these lines at the end of your rules (please mind the word wrap):

iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '
iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '
We can now see the result in /var/log/messages.

HTH,
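The following script is an added example, not part of the mail above, that turns the point about the three chains into a complete rule set: ssh to the box itself is allowed in INPUT, ssh *through* the box to a server behind it is allowed only in FORWARD (with the return packets matched by connection state), and the rate-limited LOG rules sit last in each chain. The interface names, the address of the inner server, and a plain routed topology with no NAT are assumptions chosen for illustration. Run it with `apply` to load the rules, or `show` to print the iptables commands without touching the kernel.

```shell
#!/bin/sh
# Added example (not from the original mail). Assumed layout:
#   eth0 = outside (WAN) interface, eth1 = inside (LAN) interface,
#   192.168.1.10 = ssh server behind the box, reached by plain routing (no NAT).
# Set IPTABLES=echo to print the commands instead of executing them.

IPTABLES="${IPTABLES:-iptables}"
WAN_IF="${WAN_IF:-eth0}"                  # assumed outside interface
LAN_IF="${LAN_IF:-eth1}"                  # assumed inside interface
SSH_SERVER="${SSH_SERVER:-192.168.1.10}"  # assumed host behind the box

# Emit (or apply) the whole rule set as one sequence of iptables invocations.
build_rules() {
    # Default policy DROP on every chain: a packet that matches no ACCEPT
    # rule falls through to the LOG rule at the end and is then dropped.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -F INPUT
    $IPTABLES -F FORWARD
    $IPTABLES -F OUTPUT

    # INPUT: traffic addressed to the box itself. Nothing here affects
    # connections that merely pass through it.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -i "$LAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # OUTPUT: traffic originating from the box itself.
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # FORWARD: the only chain that decides about connections *through* the box.
    # Allow replies of already accepted sessions in both directions, then new
    # ssh sessions arriving on the WAN side for the server on the LAN side.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SSH_SERVER" \
        -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Last rule in each chain: log what the policy is about to drop, rate
    # limited so a flood cannot fill /var/log/messages. LOG is non-terminating,
    # so the packet continues to the chain policy (DROP) afterwards.
    $IPTABLES -A INPUT   -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
    $IPTABLES -A OUTPUT  -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '
    $IPTABLES -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '
}

# Usage: sh fw.sh apply | show   (no argument: do nothing, print usage)
case "${1:-}" in
    apply) build_rules ;;
    show)  IPTABLES=echo build_rules ;;
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

Two things to keep in mind when reading the log: the `** ... DROP **` prefixes are only truthful because each chain's policy is DROP; LOG never drops anything itself, so with a policy of ACCEPT the same rule would log packets that are actually let through. And the FORWARD rules only matter if the kernel forwards at all (`net.ipv4.ip_forward=1`); with forwarding off, packets never reach that chain and no log line appears, which is easy to mistake for a rule problem.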