On Thursday 03 January 2008 12:37:56 Christopher Chan wrote:
> Too bad you missed the documentation on netfilter then. It would have
> told you that the INPUT chain controls what comes to the box, the OUTPUT
> chain what originates from the box and the FORWARD chain what goes
> through the box.
>
> You would have needed a rule in FORWARD to allow ssh connections through
> the box. The rules in the INPUT and OUTPUT chains would have zero effect
> on connections going through.

It might also help if we put a rule that will log what happens for
troubleshooting. Put these lines in the last of your rules (pls mind the
word wrap):

iptables -A INPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** INPUT DROP ** '
iptables -A OUTPUT -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** OUTPUT DROP ** '
iptables -A FORWARD -m limit --limit 2/m --limit-burst 2 -j LOG --log-prefix '** FORWARD DROP ** '

We can now see the result in /var/log/messages

HTH,
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org
17:14:40 up 9:52, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.
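Added example (not part of the thread above): once the three LOG rules are in place, the kernel lines in /var/log/messages carry the prefix of the chain that dropped the packet, so the question "did INPUT or FORWARD drop my ssh?" can be answered by parsing that prefix. The log sample below is constructed and abbreviated (real iptables LOG lines carry more fields such as LEN, TTL and WINDOW), and the function names summarize_drops and chain_for_port are this example's own.

```sh
# Constructed, abbreviated sample of what the LOG rules above write to
# /var/log/messages. Two blocked ssh SYNs going *through* the box land in
# FORWARD, not INPUT, which is exactly the mistake the thread is about.
SAMPLE_LOG='Jan  3 17:20:01 gw kernel: ** FORWARD DROP ** IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  3 17:20:03 gw kernel: ** FORWARD DROP ** IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  3 17:21:10 gw kernel: ** INPUT DROP ** IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=4444 DPT=23 SYN
Jan  3 17:22:00 gw kernel: ** OUTPUT DROP ** IN= OUT=eth0 SRC=203.0.113.1 DST=198.51.100.9 PROTO=UDP SPT=5353 DPT=5353'

# summarize_drops: read LOG lines on stdin and print one line per
# "CHAIN PROTO DPT count", e.g. "FORWARD TCP 22 2". The chain name is taken
# from the "** <CHAIN> DROP **" prefix set by --log-prefix above.
summarize_drops() {
    awk '
        /\*\* [A-Z]+ DROP \*\*/ {
            chain = ""; proto = "-"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i == "**" && $(i+2) == "DROP") chain = $(i+1)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (chain != "") count[chain " " proto " " dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# chain_for_port PORT: name the chain(s) that dropped traffic to PORT in the
# sample, so "chain_for_port 22" answers where the missing ssh rule belongs.
chain_for_port() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops | awk -v p="$1" '$3 == p { print $1 }' | sort -u
}
```

On a live box, feed the real file instead of the sample: grep 'DROP \*\*' /var/log/messages | summarize_drops.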