Jeffrey Siegal wrote:
> Kevin Fenzi wrote:
>
>> Optionally, you can add in between these 2 rules:
>> iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
>
> I prefer to use "-m state --state NEW" or --syn for that. Other packets
> should be allowed only for existing connections.

Has to be NEW,ESTABLISHED doesn't it?

Dave
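
An added example, not part of the original thread: a toy first-match evaluator (a model, not netfilter itself) comparing the port 22 rule variants discussed above. It assumes the two surrounding rules, which are not shown on this page, are an ESTABLISHED,RELATED accept and a final drop; the packets and their conntrack state labels are constructed.

```python
# Toy first-match evaluator for an INPUT chain (a model, not netfilter itself).
# Each rule: (dport or None, set of conntrack states or None, verdict).
EST_RULE = (None, {"ESTABLISHED", "RELATED"}, "ACCEPT")  # assumed surrounding rule
DROP_ALL = (None, None, "DROP")                          # assumed final rule

RULESETS = {
    # Rule as quoted: no state match on port 22.
    "no_state": [EST_RULE, (22, None, "ACCEPT"), DROP_ALL],
    # "--state NEW" on port 22, with ESTABLISHED handled by an earlier rule.
    "new_after_established": [EST_RULE, (22, {"NEW"}, "ACCEPT"), DROP_ALL],
    # "--state NEW" as the only accept rule in the chain.
    "new_alone": [(22, {"NEW"}, "ACCEPT"), DROP_ALL],
    # "--state NEW,ESTABLISHED" as the only accept rule in the chain.
    "new_established_alone": [(22, {"NEW", "ESTABLISHED"}, "ACCEPT"), DROP_ALL],
}

# Constructed packets: (label, dport, state label assigned for this example).
PACKETS = [
    ("ssh SYN", 22, "NEW"),
    ("ssh data", 22, "ESTABLISHED"),
    ("ssh untracked", 22, "INVALID"),
    ("other port SYN", 8080, "NEW"),
]

def verdict(rules, dport, state):
    """Return the target of the first rule whose port and state both match."""
    for r_dport, r_states, target in rules:
        if r_dport is not None and r_dport != dport:
            continue
        if r_states is not None and state not in r_states:
            continue
        return target
    return "DROP"  # chain policy, assumed DROP

def evaluate(name):
    """Map each constructed packet label to its verdict under one ruleset."""
    return {label: verdict(RULESETS[name], dport, state)
            for label, dport, state in PACKETS}

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:24s} {evaluate(name)}")
```

In this model the NEW-only rule passes a whole SSH session only when an ESTABLISHED accept sits earlier in the chain, and the stateless rule is the only variant that accepts the packet labelled INVALID.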