packets with the host as source IP

FORWARD: packets where neither source IP nor destination IP is the host's IP

As a side note, talking about the host's IP is an abuse of language. In reality, the IP belongs to the network interface, not the host. Indeed, many hosts have several network interfaces (e.g. wifi radio, ethernet port), each with its own IP.

It was incorrectly stated, however, that to allow ssh you only need to add a rule that allows incoming ssh packets. This is incorrect, as you can easily see yourself: you'll allow ssh packets, but your firewall will drop (or reject, depending on your default settings) anything that you send back in response to that ssh connection.

The trick is to allow incoming ssh connection and communication, and to allow outgoing ssh communication (but not connection, if you do not want your host to make outgoing ssh connections).

Practically, you set this up this way in iptables:

```
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
```
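The argument above, as an added example that is not from the original post: a simplified Python model of rule matching that compares the INPUT rule alone with the INPUT rule plus a reply rule on OUTPUT. The OUTPUT rule, the default DROP policy on both chains, and the sample packets are assumptions made for the illustration.

```python
# Simplified model of iptables filtering for the SSH case (added example).
# Assumptions: default policy DROP on INPUT and OUTPUT; the conntrack state
# is supplied with each packet instead of being tracked.
from collections import namedtuple

Packet = namedtuple("Packet", "chain sport dport state")
Rule = namedtuple("Rule", "chain port_field port states")

# iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
IN_SSH = Rule("INPUT", "dport", 22, {"NEW", "ESTABLISHED"})
# Assumed companion rule for replies (not shown on the page):
# iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
OUT_SSH_REPLY = Rule("OUTPUT", "sport", 22, {"ESTABLISHED"})


def verdict(packet, rules):
    """Return ACCEPT if any rule matches, else the default policy (DROP)."""
    for rule in rules:
        if (rule.chain == packet.chain
                and getattr(packet, rule.port_field) == rule.port
                and packet.state in rule.states):
            return "ACCEPT"
    return "DROP"


# Constructed sample traffic; 50000 and 50001 stand for ephemeral ports.
SYN_IN = Packet("INPUT", 50000, 22, "NEW")               # client opens SSH to us
DATA_IN = Packet("INPUT", 50000, 22, "ESTABLISHED")      # client keeps talking
REPLY_OUT = Packet("OUTPUT", 22, 50000, "ESTABLISHED")   # our sshd answers
SSH_OUT = Packet("OUTPUT", 50001, 22, "NEW")             # we open SSH elsewhere


def evaluate(rules):
    """Verdict for each sample packet under the given rule set."""
    samples = {"syn_in": SYN_IN, "data_in": DATA_IN,
               "reply_out": REPLY_OUT, "ssh_out": SSH_OUT}
    return {name: verdict(pkt, rules) for name, pkt in samples.items()}


if __name__ == "__main__":
    print("INPUT rule only:", evaluate([IN_SSH]))
    print("INPUT + OUTPUT: ", evaluate([IN_SSH, OUT_SSH_REPLY]))
```

With only the INPUT rule the server's replies hit the default policy, which is the failure the post describes; adding the ESTABLISHED-only OUTPUT rule lets replies out while new outgoing ssh connections stay blocked.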