LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 01-07-2006, 03:44 PM   #1
Plutonium
LQ Newbie
 
Registered: Jan 2006
Location: Sweden
Distribution: Slackware
Posts: 12

Rep: Reputation: 2
Problem with my iptables


Hi..
First, sorry for my bad English..

I just made an iptables script, and I'm having a problem:
I can't connect to sshd on localhost (the firewall computer)..

This is my script..

Code:
#!/bin/sh
#######################
## Script made by ##
## Plutonium ##
#######################

#### Interface ####
INET_IFACE="eth0"

#### Remove all rules and chains ####
iptables -F
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -X
iptables -Z

#### Block all traffic ####
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

#### Accept icmp ping etc. ####
#iptables -A INPUT -p icmp --icmp-type 3 -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A OUTPUT -p icmp --icmp-type 3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p icmp --icmp-type 8 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


#### Accept to talk to localhost ####
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#### DHCP server ####
iptables -A INPUT -i $INET_IFACE -p udp -s 0/0 -d 0/0 --sport 67:68 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INET_IFACE -p udp -s 0/0 -d 0/0 --dport 67:68 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#### Accept SSH ####
## From all ##
iptables -A INPUT -p tcp -i $INET_IFACE --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o $INET_IFACE --dport 22 -j ACCEPT

## Or from an IP ##
#iptables -A INPUT -i $INET_IFACE -p tcp --sport 22 -m account --aaddr 192.168.0.100 -m state NEW -j ACCEPT
#iptables -A OUTPUT -o $INET_IFACE -p tcp --dport 22 -m account --aaddr 192.168.0.100 -m state NEW -j ACCEPT

#### Traffic IN ####

# DNS
iptables -A INPUT -i $INET_IFACE -p udp -s 0/0 -d 0/0 --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

# WEB
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT

# SSL
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT

# MSN
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 1863 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INET_IFACE -p udp -s 0/0 -d 0/0 --sport 33700:33800 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Mail
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 143 -m state --state ESTABLISHED,RELATED -j ACCEPT # IMAP

# Webradio
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 8500 -m state --state ESTABLISHED,RELATED -j ACCEPT # Radioseven
iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 7799 -m state --state ESTABLISHED,RELATED -j ACCEPT # Ice Radio


#### Traffic OUT ####

# DNS
iptables -A OUTPUT -o $INET_IFACE -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# WEB
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# SSL
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# MSN
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 1863 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INET_IFACE -p udp -s 0/0 -d 0/0 --dport 33700:33800 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Mail
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # IMAP

# Webradio
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 8500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Radioseven
iptables -A OUTPUT -o $INET_IFACE -p tcp -s 0/0 -d 0/0 --dport 7799 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Ice Radio

#### Block all Windows netbios broadcast packages ####
iptables -A INPUT -p UDP -i $INET_IFACE -s 0/0 --dport 135:139 -j DROP

#### Log ####

# Log all intrusions at debug level
#iptables -A INPUT -i $INET_IFACE -p ALL -j LOG --log-level debug

# Log ssh attacks over 3 attempts
#iptables -A INPUT -i $INET_IFACE -p tcp -s 0/0 -d 0/0 --sport 22 --syn -m limit --limit 3/m -j LOG --log-level debug --log-prefix 'SSH attack'

# Log synflood attacks
iptables -A INPUT -i $INET_IFACE -p tcp --syn -m limit --limit 10/h -j LOG --log-level debug --log-prefix 'Synflood attack'

# Log PoD attacks.
iptables -A INPUT -i $INET_IFACE -p icmp --icmp-type echo-request -m limit --limit 10/h -j LOG --log-level debug --log-prefix 'Ping of Death attack? '

# Protect from PoD.
iptables -A INPUT -i $INET_IFACE -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

#### Print all rules/chains ####
#iptables -vL




And yes, I will decide what traffic goes out..
 
Old 01-08-2006, 09:45 AM   #2
Centinul
Member
 
Registered: Jun 2005
Distribution: Gentoo
Posts: 552

Rep: Reputation: 30
After looking at your firewall script I think I've noticed a mistake. I will admit though that I'm not an IPTables expert so I could be wrong. In your script you have this

Code:
#### Accept SSH ####
## From all ##
iptables -A INPUT -p tcp -i $INET_IFACE --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o $INET_IFACE --dport 22 -j ACCEPT
The first line says "accept input to eth0 if tcp protocol and the source port is 22."

I believe it should say "accept input to eth0 if tcp protocol and the destination port is 22." In coding IPTables it means this

Code:
iptables -A INPUT -p tcp -i $INET_IFACE --dport 22 -j ACCEPT
Other than that the only thing I can think of would be to check your sshd configuration to make sure everything is configured correctly. Good luck and hope this helps.
 
Old 01-08-2006, 09:52 AM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
For your ssh rules, first remove '-m account --addr' and replace with '-s'. Also I believe that you have --sport and --dport reversed. Are you trying to allow connections to this machine or allow outbound connections from this machine to other systems running sshd?
 
Old 01-14-2006, 07:07 AM   #4
Plutonium
LQ Newbie
 
Registered: Jan 2006
Location: Sweden
Distribution: Slackware
Posts: 12

Original Poster
Rep: Reputation: 2
both options I'm using..
 
Old 01-14-2006, 10:01 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally Posted by Plutonium
both options I'm using..
Then you'll need to allow incoming connections with a dport of 22. Use the iptables rule that Centinul posted above.
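
To make the --sport/--dport point from the replies above concrete, here is an added example that is not from the thread or from any of its posters: a small Python model of first-match iptables evaluation, covering only the matches discussed here (-p, -i/-o, --sport, --dport, -s and -m state). It puts the original "Accept SSH" pair, Centinul's --dport 22 correction and Capt_Caveman's '-s' restriction side by side and runs the same constructed ssh connection through each. The interface name eth0 comes from the script; the addresses 192.168.0.1, 192.168.0.100 and 10.9.8.7 and the client port numbers are made up for the example.

```python
"""Toy model of the iptables matching the thread argues about.

Constructed example for this thread, not iptables itself and not code from
any poster: it mimics only the matches discussed here (-p, -i/-o, --sport,
--dport, -s, -m state --state) with first-match-wins semantics and a DROP
policy, so the --sport 22 / --dport 22 question can be checked offline.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    chain: str   # "INPUT" (arriving) or "OUTPUT" (leaving)
    iface: str   # interface seen by -i (INPUT) or -o (OUTPUT)
    proto: str   # "tcp", "udp", ...
    src: str
    sport: int
    dst: str
    dport: int
    state: str   # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass
class Rule:
    chain: str
    target: str
    proto: Optional[str] = None
    iface: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    src: Optional[str] = None
    states: Optional[frozenset] = None   # None means no -m state match

    def matches(self, pkt: Packet) -> bool:
        """Every match option given on the rule must hold for the packet."""
        return (self.chain == pkt.chain
                and (self.proto is None or self.proto == pkt.proto)
                and (self.iface is None or self.iface == pkt.iface)
                and (self.sport is None or self.sport == pkt.sport)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.src is None or self.src == pkt.src)
                and (self.states is None or pkt.state in self.states))


def verdict(rules, pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule decides; with no match the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


IFACE = "eth0"   # the thread's INET_IFACE
NEW_OK = frozenset({"NEW", "ESTABLISHED", "RELATED"})
REPLY_OK = frozenset({"ESTABLISHED", "RELATED"})

# The thread's original "Accept SSH" pair: INPUT --sport 22, OUTPUT --dport 22.
ORIGINAL = [
    Rule("INPUT", "ACCEPT", proto="tcp", iface=IFACE, sport=22),
    Rule("OUTPUT", "ACCEPT", proto="tcp", iface=IFACE, dport=22),
]

# Centinul's correction for a machine running sshd: INPUT --dport 22, plus a
# stateful OUTPUT rule that lets the server's replies (sport 22) back out.
SERVER_FIX = [
    Rule("INPUT", "ACCEPT", proto="tcp", iface=IFACE, dport=22, states=NEW_OK),
    Rule("OUTPUT", "ACCEPT", proto="tcp", iface=IFACE, sport=22, states=REPLY_OK),
]


def restricted_to(admin_ip: str):
    """Capt_Caveman's '-s' variant: only one host may open ssh sessions."""
    return [
        Rule("INPUT", "ACCEPT", proto="tcp", iface=IFACE, dport=22,
             src=admin_ip, states=NEW_OK),
        Rule("OUTPUT", "ACCEPT", proto="tcp", iface=IFACE, sport=22, states=REPLY_OK),
    ]


# Constructed sample traffic (addresses and client ports are made up).
CLIENT, FIREWALL = "192.168.0.100", "192.168.0.1"
incoming_syn = Packet("INPUT", IFACE, "tcp", CLIENT, 51234, FIREWALL, 22, "NEW")
our_reply = Packet("OUTPUT", IFACE, "tcp", FIREWALL, 22, CLIENT, 51234, "ESTABLISHED")
stranger_syn = Packet("INPUT", IFACE, "tcp", "10.9.8.7", 40000, FIREWALL, 22, "NEW")


def session_allowed(rules, syn: Packet, reply: Packet) -> bool:
    """An ssh login needs both the client's SYN in and the server's reply out."""
    return verdict(rules, syn) == "ACCEPT" and verdict(rules, reply) == "ACCEPT"


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("dport fix", SERVER_FIX),
                        ("dport fix + -s", restricted_to(CLIENT))):
        print(f"{name:15} login from {CLIENT}: "
              f"{session_allowed(rules, incoming_syn, our_reply)}  "
              f"SYN from 10.9.8.7: {verdict(rules, stranger_syn)}")
```

Running it shows why the original pair cannot work for a machine running sshd: the client's SYN arrives with a random source port and destination port 22, so an INPUT rule keyed on --sport 22 never matches it and the chain's DROP policy applies. With --dport 22 on INPUT the login succeeds, and the '-s' variant still accepts the admin host while the SYN from the unknown address falls through to DROP.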
 
Old 01-14-2006, 10:03 AM   #6
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Easy iptables script:

http://www.geocities.com/steve93138/
All times are GMT -5.