Kevin Fenzi wrote:
> Optionally, you can add in between these 2 rules:
>
> iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

I prefer to use "-m state --state NEW" or --syn for that. Other packets should be allowed only for existing connections.
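A check for the distinction drawn in the reply above, added here as an example and not part of the original message: it reads rules in `iptables-save` format and reports every INPUT port whose ACCEPT rule is not limited to connection-opening packets. The sample ruleset is constructed, the function names are hypothetical, and it assumes `iptables-save` prints `--syn` as `--tcp-flags FIN,SYN,RST,ACK SYN`.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save text on stdin and print the destination port of each
# INPUT rule that accepts TCP to a port without a NEW-state or SYN-only match.
# Any state list containing NEW is treated as restricted.
unrestricted_ports() {
  awk '
    $1 == "-A" && $2 == "INPUT" && / -p tcp / && / --dport / && / -j ACCEPT/ {
      if ($0 ~ /--state ([A-Z,]*,)?NEW/ || $0 ~ /--ctstate ([A-Z,]*,)?NEW/) next
      if ($0 ~ /--tcp-flags FIN,SYN,RST,ACK SYN/) next
      for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }'
}

# Stand-alone run: list the ports flagged in the constructed sample.
sample_rules | unrestricted_ports
```

On a live host the same function can be fed from `iptables-save` run as root.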