Allow only incoming SSH connections with the following rule:

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

In the above rule:

- iptables -A INPUT: Append the new rule to the INPUT chain. For incoming connection requests, the chain always has to be INPUT.
- -i eth0: This refers to the input interface. For incoming connections, this always has to be '-i' (the output-interface option '-o' is not valid in the INPUT chain).
- -p tcp: Indicates that this rule is for the TCP protocol.
- --dport 22: This refers to the destination port of the incoming connection.
- -m state: This indicates that the "state" matching module is used.
- --state NEW,ESTABLISHED: Options for the "state" matching module. We'll discuss the "-m" option (and all the available matching modules for iptables) in a future article.

Drop all other incoming packets: "iptables -A INPUT -j DROP". Since rules are evaluated in order, anything appended to INPUT after this DROP rule is never reached.

One problem with the above steps is that they don't restrict the outgoing packets. In the above 3 steps we dropped all incoming packets at the end (except incoming ssh). However, we didn't restrict the outgoing traffic. If you list the rules with "iptables -L", it says "(policy ACCEPT)" next to all three chain names (INPUT, OUTPUT, and FORWARD). This indicates that the default chain policy is ACCEPT. So, both the INPUT and OUTPUT chains' default policy is ACCEPT: incoming traffic is only blocked by the trailing DROP rule, not by the chain policy, so flushing the rules reopens everything. If you don't know what a chain means, you'd better read our iptables introduction article.
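The following script is an added example, not part of the original article. It emits the SSH-only INPUT rules described above as iptables commands (nothing is applied unless you pass --apply), and it audits "iptables -L" output for chains whose default policy is still ACCEPT, which is exactly the caveat raised above. The interface name eth0, the leading flush of the INPUT chain, and the sample listing embedded in the script are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): emit the article's
# SSH-only INPUT rules as iptables commands, and audit "iptables -L" output
# for built-in chains whose default policy is still ACCEPT.
# Nothing touches the firewall unless you pass --apply.

IFACE="${IFACE:-eth0}"   # assumption: eth0 as in the article; override via env

# Print the rule set as commands, one per line. The leading flush of INPUT
# is an addition here so the DROP rule is not appended behind stale rules.
ssh_only_rules() {
    printf 'iptables -F INPUT\n'
    printf 'iptables -A INPUT -i %s -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT\n' "$IFACE"
    printf 'iptables -A INPUT -j DROP\n'
}

# Read "iptables -L" output on stdin; print each chain whose policy is ACCEPT.
# Only built-in chains carry a "(policy ...)" suffix, so this lists INPUT,
# FORWARD and OUTPUT when they are open by default.
accept_policy_chains() {
    sed -n 's/^Chain \([A-Za-z0-9_-]*\) (policy ACCEPT)$/\1/p'
}

# Same input; print how many chains are open by default (0 is the goal).
count_accept_chains() {
    accept_policy_chains | wc -l | tr -d ' '
}

# Constructed sample of "iptables -L" output after the steps in the article:
# the INPUT rules are in place, but every chain still reports policy ACCEPT.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

case "${1:-}" in
    --show)  ssh_only_rules ;;
    --apply) ssh_only_rules | sh ;;                 # run as root, from a console login
    --audit) accept_policy_chains ;;                # e.g. iptables -L | sh firewall.sh --audit
    --demo)  printf '%s\n' "$SAMPLE_LISTING" | accept_policy_chains ;;
esac
```

Run `sh firewall.sh --show` to review the commands, `iptables -L | sh firewall.sh --audit` on a live host to list the chains that are still wide open, and `--demo` to see the audit against the embedded sample (it reports INPUT, FORWARD and OUTPUT). Apply the rules from a console rather than over an SSH session you cannot afford to lose: the ACCEPT rule is appended before the DROP, so an existing SSH session survives, but a typo in the port or interface will lock you out.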