1 |
For testing purposes I changed the ssh rule to: |
2 |
|
3 |
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT |
4 |
-A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP |
5 |
|
6 |
And still no go. As mentioned before, everything works fine until I |
7 |
try to close up the rest of the ports not opened up in the chains |
8 |
"UDP" and "TCP" stated above: |
9 |
|
10 |
#echo -e " - Dropping input TCP and UDP traffic to closed ports" |
11 |
-A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst |
12 |
-A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable |
13 |
|
14 |
#echo -e " - Dropping output TCP and UDP traffic to closed ports" |
15 |
-A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst |
16 |
-A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable |
17 |
|
18 |
#echo -e " - Dropping input traffic to remaining protocols sent |
19 |
to closed ports" |
20 |
-A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable |
21 |
|
22 |
#echo -e " - Dropping output traffic to remaining protocols sent |
23 |
to closed ports" |
24 |
-A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable |
25 |
|
26 |
That is when I cannot SSH over to the server. |
27 |
|
28 |
N. |