Quote:
Originally Posted by jean2e
my iptables are
|
No, they aren't. Those rules would have never become active.
Quote:
iptables -P INPUT DENY
iptables -A INPUT -p udp --syn -m state --state NEW -m multiport --dports 22,25,110 -j ACCEPT
Now I can't use ssh to connect to it, maybe there are some problems?
|
Thing is, your rules don't make sense. There's no such thing as a DENY policy (at least not in any modern iptables I've seen), and there's no such thing as a UDP packet that is SYN. SSH uses TCP anyway, and has nothing to do with ports 25 or 110. If all you want to allow is inbound connections to SSH, you just need something like:
Code:
iptables -P INPUT DROP
# packets belonging to (or related to) connections already accepted
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# only the TCP handshake (SYN) of a NEW connection to port 22 (--dport, not -p)
iptables -A INPUT -p tcp -i eth0 --syn --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
The last line isn't necessary for SSH but you might need it for stuff on the local host.
If your intention was to allow inbound connections to SSH, SMTP, and POP3, then basically all you'd need to change in your second rule is the protocol:
Code:
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p TCP -i eth0 --syn -m multiport --dports 22,25,110 \
-m state --state NEW -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
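An added example, not part of the reply above and not the poster's code: the same ruleset written as an iptables-restore file so that the DROP policy and the RELATED,ESTABLISHED rule are loaded in one transaction. Typing `iptables -P INPUT DROP` first over SSH drops the packets of your own session until the ESTABLISHED rule is added; a single `iptables-restore` has no such window. It assumes the uplink is eth0 (overridable via IFACE) and the services are TCP 22, 25 and 110; `ruleset_opens_port` is a hypothetical helper that checks the generated text without needing root.

```sh
#!/bin/sh
# Added example (not from the original post): build the ruleset from the
# reply as an iptables-restore file and load it atomically.
# Assumption: the uplink interface is eth0 unless IFACE is set.

IFACE="${IFACE:-eth0}"

# build_ruleset PORTS -> prints an iptables-restore ruleset on stdout.
# PORTS is the comma-separated list for -m multiport, e.g. "22,25,110".
build_ruleset() {
    ports="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback first: local services talk to each other over lo
-A INPUT -i lo -j ACCEPT
# packets of connections already accepted, and replies to ones we started
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# only the TCP handshake (SYN) of a NEW connection to the listed services
-A INPUT -i ${IFACE} -p tcp --syn -m multiport --dports ${ports} -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# check_ruleset PORTS -> 0 if iptables-restore can parse the ruleset.
# --test parses and builds the ruleset without committing it (needs root).
check_ruleset() {
    build_ruleset "$1" | iptables-restore --test
}

# apply_ruleset PORTS -> replace the filter table in one transaction (needs root).
apply_ruleset() {
    build_ruleset "$1" | iptables-restore
}

# ruleset_opens_port PORTS PORT -> 0 if PORT is among the --dports the
# generated ruleset accepts NEW connections on. Pure text check, no root.
ruleset_opens_port() {
    build_ruleset "$1" \
        | sed -n 's/.*--dports \([0-9,]*\).*/\1/p' \
        | tr ',' '\n' \
        | grep -qx "$2"
}

# Usage: ./fw.sh --check 22,25,110   (parse only)
#        ./fw.sh --apply 22,25,110   (load the rules)
if [ "${1:-}" = "--check" ]; then
    check_ruleset "${2:-22,25,110}"
elif [ "${1:-}" = "--apply" ]; then
    apply_ruleset "${2:-22,25,110}"
fi
```

Run it with `--check` first from a console (not only over SSH) and keep a second session open, or schedule `iptables-restore` of a known-good file with `at` as a fallback, before applying a DROP policy on a remote box.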