On 21/05/2013 18:01, Nick Khamis wrote:
> For testing purposes I changed the ssh rule to:
>
> -A TCP -p tcp -m tcp --dport 22 -j ACCEPT
> -A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP
>
> And still no go. As mentioned before, everything works fine until I
> try to close up the rest of the ports not opened up in the chains
> "UDP" and "TCP" stated above:
>
> #echo -e " - Dropping input TCP and UDP traffic to closed ports"
> -A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
> -A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable
>
> #echo -e " - Dropping output TCP and UDP traffic to closed ports"
> -A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
> -A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable
>
> #echo -e " - Dropping input traffic to remaining protocols sent to closed ports"
> -A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable
>
> #echo -e " - Dropping output traffic to remaining protocols sent to closed ports"
> -A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable
>
> That is when I cannot SSH over to the server.
Now you are feeling the pain. Drive to where the router is and fix it on the console then put conntrack back.

-- 
Alan McKinnon
alan.mckin...@gmail.com
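Why the catch-all REJECT rules lock the poster out, and why Alan's "put conntrack back" fixes it, can be shown with a small first-match model of the quoted chains. This is an added example, not code from the thread or from either poster. It assumes `$INTIF1` is `eth1`, that the INPUT chain jumps into the user chain `TCP` (the thread shows the chain but not the jump), and the client port is constructed. With the quoted rules alone, the client's SYN reaches the `TCP` chain and is accepted, but the server's SYN-ACK leaving on `$INTIF1` hits `-A OUTPUT -o $INTIF1 -p tcp -j REJECT` first and is reset; an `ESTABLISHED,RELATED` accept rule at the top of both chains lets the reply through.

```python
# Added example (not from the thread): a minimal first-match model of the quoted
# ruleset, showing why the SSH reply is rejected in OUTPUT once the catch-all
# REJECT rules are added, and why a conntrack ESTABLISHED rule fixes it.
# Assumptions: $INTIF1 is "eth1"; INPUT jumps into the user chain "TCP" (the
# thread shows that chain but not the jump); ports below are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INTIF1 = "eth1"  # assumed value of $INTIF1


@dataclass
class Packet:
    iface: str      # interface seen by -i (INPUT) or -o (OUTPUT)
    proto: str      # "tcp", "udp", ...
    dport: int      # destination port
    ctstate: str    # state conntrack would assign: NEW / ESTABLISHED / RELATED


@dataclass
class Rule:
    target: str                                  # ACCEPT, REJECT, DROP or a user chain
    iface: Optional[str] = None                  # -i / -o
    proto: Optional[str] = None                  # -p
    dport: Optional[int] = None                  # --dport
    ctstates: Optional[Tuple[str, ...]] = None   # -m conntrack --ctstate a,b

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.ctstates is not None and pkt.ctstate not in self.ctstates:
            return False
        return True


Chains = Dict[str, List[Rule]]
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def walk(chains: Chains, chain: str, pkt: Packet) -> Optional[str]:
    """First matching terminal target wins. A user chain that ends without a
    verdict returns to the caller, which continues with its next rule."""
    for rule in chains[chain]:
        if not rule.matches(pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target
        verdict = walk(chains, rule.target, pkt)   # jump into a user chain
        if verdict is not None:
            return verdict
    return None  # fell off the end: the built-in chain's policy decides


def build_chains(with_conntrack: bool) -> Chains:
    """The quoted rules, optionally preceded by the ESTABLISHED,RELATED accept
    rules Alan refers to, placed first in INPUT and OUTPUT."""
    inp: List[Rule] = []
    out: List[Rule] = []
    if with_conntrack:
        inp.append(Rule("ACCEPT", ctstates=("ESTABLISHED", "RELATED")))
        out.append(Rule("ACCEPT", ctstates=("ESTABLISHED", "RELATED")))
    inp.append(Rule("TCP", iface=INTIF1, proto="tcp"))  # assumed jump into chain TCP
    # The "close everything else" rules from the thread, in the posted order.
    inp += [Rule("REJECT", iface=INTIF1, proto="tcp"),
            Rule("REJECT", iface=INTIF1, proto="udp"),
            Rule("REJECT", iface=INTIF1)]
    out += [Rule("REJECT", iface=INTIF1, proto="tcp"),
            Rule("REJECT", iface=INTIF1, proto="udp"),
            Rule("REJECT", iface=INTIF1)]
    return {
        "INPUT": inp,
        "OUTPUT": out,
        "TCP": [Rule("ACCEPT", proto="tcp", dport=22)],
    }


def ssh_handshake(with_conntrack: bool) -> Tuple[Optional[str], Optional[str]]:
    """Verdicts for the client's SYN (INPUT) and the server's SYN-ACK (OUTPUT)."""
    chains = build_chains(with_conntrack)
    syn = Packet(INTIF1, "tcp", dport=22, ctstate="NEW")
    # The reply goes to the client's ephemeral port (constructed value); conntrack
    # already has the flow from the SYN, so it classifies the reply as ESTABLISHED.
    syn_ack = Packet(INTIF1, "tcp", dport=51234, ctstate="ESTABLISHED")
    return walk(chains, "INPUT", syn), walk(chains, "OUTPUT", syn_ack)


if __name__ == "__main__":
    for flag in (False, True):
        print("conntrack" if flag else "no conntrack", ssh_handshake(flag))
```

Run stand-alone, the model returns `('ACCEPT', 'REJECT')` without the conntrack rules and `('ACCEPT', 'ACCEPT')` with them. On a real box the equivalent is `iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` and the same for OUTPUT, which is why the poster's "open port 22" rule alone is not enough: it only covers the inbound half of the connection.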