how to block all incoming traffic except ssh

emil_21 wrote:
I allowed the port for the ssh connection with this command:

    iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

But then if I set the default policy to reject all incoming traffic with this command I am losing the ssh connection:

    iptables -P INPUT DROP

Why is that?

Reply:
You reject (drop) by default, and allow NEW connections to port 22.

Reply:

    iptables -S
    iptables -L
    man iptables

Reply:

    # Setting default policies:
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    # Exceptions to default policy
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT # SSH

emil_21 wrote:
I found the problem. It was in the rule for ssh, though I am not exactly sure what the reason was. I only added this line:

    sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

After that I added the rule to drop all incoming traffic and I didn't get disconnected:

    sudo iptables -A INPUT -j DROP

    iptables-save

Reply:
Your original rule had "-m state --state NEW", which means it applies (accepts) only NEW (first packet of) connections.
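The last reply explains the cause; the script below is an added example, not code from the thread or from any of its posters. It models how the INPUT chain treats a packet under the three rule sets discussed (the original NEW-only rule with a DROP policy, the stateless port-22 rule the follow-up post settled on, and the usual fix that accepts ESTABLISHED,RELATED traffic first), and emits that fix as an iptables-restore file. The function names, the verdict model and the file layout are my own assumptions; the model ignores protocol and interface and only looks at conntrack state and destination port.

```shell
#!/bin/sh
# Added example, not from the thread: a small model of how the INPUT chain
# treats packets under the rule sets discussed above, plus an iptables-restore
# file (assumed layout) that keeps an existing SSH session alive when the
# default policy becomes DROP. The model only considers state and dport.

# Rule set 1 (the original post):
#   iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
#   iptables -P INPUT DROP
# verdict_original STATE DPORT  -> prints ACCEPT or DROP
verdict_original() {
    state=$1
    dport=$2
    # Only the first packet of a connection to port 22 is NEW; every later
    # packet of the already-open SSH session is ESTABLISHED and therefore
    # falls through to the DROP policy, which is why the session died.
    if [ "$state" = NEW ] && [ "$dport" = 22 ]; then
        echo ACCEPT
    else
        echo DROP
    fi
}

# Rule set 2 (what the follow-up post ended up with):
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#   iptables -A INPUT -j DROP
# No state match, so any packet to port 22 is accepted regardless of state.
verdict_no_state() {
    state=$1
    dport=$2
    if [ "$dport" = 22 ]; then
        echo ACCEPT
    else
        echo DROP
    fi
}

# Rule set 3 (the usual fix): accept ESTABLISHED,RELATED first, then NEW on 22.
verdict_fixed() {
    state=$1
    dport=$2
    case $state in
        ESTABLISHED|RELATED) echo ACCEPT; return ;;
    esac
    if [ "$state" = NEW ] && [ "$dport" = 22 ]; then
        echo ACCEPT
    else
        echo DROP
    fi
}

# Emit rule set 3 in iptables-restore format (layout is my assumption).
safe_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print a verdict table for constructed packets: ./ssh_policy.sh demo
demo() {
    for st in NEW ESTABLISHED; do
        for port in 22 80; do
            printf '%-11s dport=%-3s original=%-6s no_state=%-6s fixed=%s\n' \
                "$st" "$port" "$(verdict_original "$st" "$port")" \
                "$(verdict_no_state "$st" "$port")" "$(verdict_fixed "$st" "$port")"
        done
    done
}

if [ "${1-}" = demo ]; then
    demo
fi
```

Loading the emitted file with `iptables-restore` replaces the whole filter table atomically, so rule order is never half-applied. Two practical notes: `-A INPUT -j DROP` as the last appended rule means any rule appended later is unreachable, so later exceptions must be added with `-I` or the default policy should carry the drop instead; and `iptables-apply` (shipped with iptables) loads a rule file and reverts it unless you confirm within a timeout, which is the safe way to change INPUT rules over SSH. On current kernels `-m conntrack --ctstate` is the preferred spelling of `-m state --state`; both behave the same for this purpose.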