SSH hack attempts… bad?

Stuart Jansen sjansen at buscaluz.org
Wed Apr 12 00:07:41 MDT 2006


On Tue, 2006-04-11 at 23:27 -0600, Wade Preston Shearer wrote:
> The command that I tried to use to open the port is:
> 
> /sbin/iptables -A INPUT -p tcp --syn --destination-port <new port> -j ACCEPT
> /sbin/iptables -A INPUT -p tcp --syn -j DROP

Has a similar command worked for you in the past? While it is impossible
to be sure without knowing more about your firewall, I'm fairly certain
that is not what you want. You'll probably have more luck with something
like:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport <new port> -j ACCEPT
-A INPUT -p tcp -j DROP

-- 
Stuart Jansen              e-mail/jabber: sjansen at buscaluz.org
                           google talk:   stuart.jansen at gmail.com

"However beautiful the strategy, you should occasionally look at 
the results." -- Winston Churchill
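
Added example, not part of the original message: the rules suggested above only work if the ACCEPT for the new port is reached before a TCP DROP, because iptables stops at the first matching rule. The shell function below (hypothetical name port_verdict) walks an `iptables -S INPUT`-style listing in order and reports which rule decides a new TCP connection to a given port. The two listings and port 2222 are constructed sample data standing in for <new port>.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT`-style lines on stdin and walks them
# in order, as netfilter does (first matching rule wins).
# Returns 0: a new TCP connection to PORT reaches an ACCEPT rule
#         1: a TCP DROP/REJECT rule matches first and shadows any later ACCEPT
#         2: no rule decides; the chain policy applies
# Simplification: source address and interface matches are not modelled.
port_verdict() {
    awk -v port="$1" '
        BEGIN { rc = 2 }
        $1 != "-A" || $2 != "INPUT" { next }   # skip -P policy lines, other chains
        {
            target = ""; dport = ""; tcp = 0; skip = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                # a state match that does not list NEW cannot match a new connection
                if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1
            }
            if (!tcp || skip || (dport != "" && dport != port)) next
            if (target == "ACCEPT") { rc = 0; exit }
            if (target == "DROP" || target == "REJECT") { rc = 1; exit }
        }
        END { exit rc }
    '
}

# Constructed listing: the three suggested rules, in the suggested order.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -j DROP'

# Constructed listing: the same ACCEPT appended (-A) after an existing TCP drop.
SHADOWED_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT'

# On a live host (as root): iptables -S INPUT | port_verdict 2222
```

With the constructed listings, port_verdict 2222 returns 0 for GOOD_RULES and 1 for SHADOWED_RULES, which is the case where appending a rule with -A appears to have no effect.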