If you are trying to connect on eth0, I don't see why it wouldn't work. I wonder if there is a problem with your SSH configuration instead of the firewall. For troubleshooting, you can see how many packets have matched a particular rule using the command:
where the first 2 columns list packet and byte counts. If the rule has ACCEPT as its target then packets matching it will go through.
In the spirit of constructive criticism, I would suggest reworking your script to clean it up a little. A good place to start would be by reading the packet filter howto. User chains can be useful, but in this case I don't see what your chain is accomplishing. I would suggest eliminating it and just do -j ACCEPT on the actual lines in the INPUT or OUTPUT chains instead. And remember that once a packet matches a rule with -j ACCEPT, it will leave the chain and not be processed by any more rules. It looks like you are trying to ACCEPT packets multiple times. I am not trying to dump on you -- just help you get a better firewall script.
Quote:
Originally Posted by notsosmart
why does the following line cause all incoming traffic to be dropped?
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
This line does not drop all incoming traffic. It drops those tcp packets which are not part of an existing connection (--state NEW) and yet claim to be (! --syn), i.e. packets that are trying to pull a fast one on you.
I hope this helps.
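As an added illustration of the two points in the reply above (a flat INPUT chain with -j ACCEPT on the actual lines, and reading the pkts/bytes columns of `iptables -L INPUT -v -n` to see whether a rule is firing), here is an example script that is not notsosmart's script nor anything from the thread. It assumes eth0 as the external interface and SSH on port 22; by default it only prints the iptables commands (IPT is set to `echo iptables`) so it can be read and tested without root, and the listing it parses is a constructed sample shaped like real `-v -n` output, not captured from a live box.

```shell
#!/bin/sh
# Added example, not the original poster's script. Two helpers:
#   apply_rules   - a cleaned-up ruleset in the spirit of the reply above: no
#                   user chain, -j ACCEPT directly in INPUT, one rule per decision.
#   rule_counters - pull the pkts/bytes columns for rules matching a pattern
#                   out of an `iptables -L INPUT -v -n` listing.
# IPT defaults to a dry run that only prints the commands; set IPT=iptables
# (as root) to load them for real. Interface eth0 and port 22 are assumptions.

IPT="${IPT:-echo iptables}"
IFACE="${IFACE:-eth0}"

apply_rules() {
    $IPT -F INPUT
    $IPT -P INPUT DROP          # default deny: every accepted flow needs a rule
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections we started; this is where most traffic matches.
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # The rule notsosmart asked about: NEW tcp packets that are not SYNs are
    # not a legitimate connection start, so drop them. Nothing legitimate is lost.
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    # Inbound SSH on the external interface. Since -j ACCEPT ends processing,
    # a second ACCEPT for the same port later in the chain would never fire.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# rule_counters PATTERN < listing : print "pkts bytes" for every rule line of
# an `iptables -L INPUT -v -n` listing that matches PATTERN (awk regex).
# The first two lines (chain header and column header) are skipped.
rule_counters() {
    awk -v pat="$1" 'NR > 2 && $0 ~ pat { print $1, $2 }'
}

# Constructed sample listing, shaped like `iptables -L INPUT -v -n` output.
SAMPLE_LISTING='Chain INPUT (policy DROP 17 packets, 1360 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9800 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 4510 3210K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3   180 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
   42  2520 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW'

# Counters for the SSH rule in the sample. A non-zero pkts value on a rule
# whose target is ACCEPT means the firewall is letting the connection through
# and the problem (e.g. sshd config) lies elsewhere.
ssh_counters() {
    printf '%s\n' "$SAMPLE_LISTING" | rule_counters 'dpt:22'
}

if [ "${1:-}" = "run" ]; then
    apply_rules
    echo "SSH rule counters (pkts bytes): $(ssh_counters)"
fi
```

Run it as `sh firewall.sh run` to see the commands it would issue and the parsed counters; on a live system, `iptables -L INPUT -v -n | rule_counters 'dpt:22'` gives the same two numbers for the real rule, and watching them change while you attempt an SSH connection tells you whether the packets reach and match that rule at all.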