In article <[email protected]>, Sean Darcy <[email protected]> wrote:
>
> iptables -vnL
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>  125K  171M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
>    13   768 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
>     1    40 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
>
> So this means the packet is accepted only if it comes from the loopback
> interface?
Yes, the rules above mean:

1. If the packet is part of an established or related session, accept it.
2. Else if it's ICMP (e.g. ping or network status), accept it.
3. Else if it's from the loopback interface, accept it.
4. Else if it's a new ssh connection, accept it.
5. Otherwise reject it.

Nothing in there about accepting UDP, which is why you needed the extra
rule to accept the IAX port.

Cheers
Tony
-- 
Tony Mountifield
Work: [email protected] - http://www.softins.co.uk
Play: [email protected] - http://tony.mountifield.org

-- 
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
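As an added illustration of Tony's first-match walk-through (example code, not part of the original thread): the small Python model below encodes the five rules from the quoted `iptables -vnL` output in order and evaluates packets against them the way netfilter does, stopping at the first rule that matches. It shows a new UDP packet to the IAX port falling through to the final REJECT, and why the extra UDP accept rule has to be inserted ahead of that REJECT rather than appended after it. The model only understands the match fields those rules actually use (conntrack state, protocol, input interface, destination port); the IAX port number 4569 is an assumption on my part, since the post does not name it.

```python
"""Toy first-match evaluator for the INPUT chain quoted in the thread.

Added example, not code from the original post.  It models only the match
fields used by the quoted rules (conntrack state, protocol, input interface,
destination port) and applies them in listed order, as netfilter does.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    in_iface: str                # e.g. "lo", "eth0" (constructed sample values)
    dport: Optional[int] = None  # destination port, None for icmp
    ctstate: str = "NEW"         # "NEW", "ESTABLISHED" or "RELATED"


@dataclass(frozen=True)
class Rule:
    target: str                          # "ACCEPT" or "REJECT"
    proto: Optional[str] = None          # None means "all"
    in_iface: Optional[str] = None       # None means "*"
    dport: Optional[int] = None          # None means any port
    ctstates: frozenset = frozenset()    # empty means no ctstate match

    def matches(self, p: Packet) -> bool:
        """True only if every match field the rule specifies agrees with the packet."""
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.in_iface is not None and p.in_iface != self.in_iface:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.ctstates and p.ctstate not in self.ctstates:
            return False
        return True


def evaluate(chain: List[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


# The chain exactly as listed in the quoted `iptables -vnL` output, in order.
INPUT_CHAIN = [
    Rule("ACCEPT", ctstates=frozenset({"RELATED", "ESTABLISHED"})),      # rule 1
    Rule("ACCEPT", proto="icmp"),                                         # rule 2
    Rule("ACCEPT", in_iface="lo"),                                        # rule 3
    Rule("ACCEPT", proto="tcp", dport=22, ctstates=frozenset({"NEW"})),   # rule 4
    Rule("REJECT"),                                                       # rule 5
]

# Assumption: IAX2 listens on UDP 4569; the thread does not name the port.
IAX_PORT = 4569


def with_iax_rule(chain: List[Rule]) -> List[Rule]:
    """Return a copy of the chain with a UDP/IAX accept rule inserted
    immediately before the catch-all REJECT.  Appending it after the
    REJECT would leave it unreachable."""
    reject_idx = next(i for i, r in enumerate(chain) if r.target == "REJECT")
    fixed = list(chain)
    fixed.insert(reject_idx,
                 Rule("ACCEPT", proto="udp", dport=IAX_PORT,
                      ctstates=frozenset({"NEW"})))
    return fixed


if __name__ == "__main__":
    iax = Packet("udp", "eth0", IAX_PORT, "NEW")   # constructed sample packet
    print("new IAX packet, original chain:", evaluate(INPUT_CHAIN, iax))
    print("new IAX packet, with UDP rule: ", evaluate(with_iax_rule(INPUT_CHAIN), iax))
```

Note that the chain policy (ACCEPT here) never comes into play for inbound traffic, because the trailing REJECT matches everything that reached it; the policy would only matter if that last rule were removed. Reply traffic for a connection the host itself initiated is still accepted by rule 1 regardless of protocol, which is why only *new* inbound UDP needs the extra rule.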
