Stephen Benoit (Linux) wrote:
Hello, Frédéric.

To block (reject) a TCP port $SERVICE (22 in this case) on the external interface, try a rule like:

# iptables -I INPUT 1 -j REJECT -p tcp -s 0/0 -i $EXTERNAL_INTERFACE --dport $SERVICE

With your earlier rules in place, tcp port 22 on the internal interface and tcp port 12345 on the external interface should both still work.

Hi,

The server that I want to access through SSH is different from the firewall. The server is in the DMZ and has one network interface (chains INPUT or OUTPUT); the firewall has two network interfaces (chain FORWARD). The INPUT chain on the firewall is not involved in the decision.

Regards.
--
==============================================
|              FRÉDÉRIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===
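
The point made in the reply above, as an added example that is not part of either message: a simplified Python model of how the firewall picks a filter chain, showing that a REJECT rule in INPUT never sees SSH traffic routed to the DMZ server while the same match in FORWARD does. The addresses, the interface name `eth0`, the ACCEPT default policy and the absence of NAT are assumptions made for illustration.

```python
# Simplified model of the filter-table chain choice on the firewall (no NAT).
# All addresses and the interface name are constructed for illustration.
FIREWALL_ADDRS = {"203.0.113.1", "192.0.2.1"}  # firewall's own addresses (assumed)
DMZ_SERVER = "192.0.2.10"                      # SSH server in the DMZ (assumed)
EXTERNAL_INTERFACE = "eth0"                    # stands in for $EXTERNAL_INTERFACE


def chain_for(dst, locally_generated=False):
    """Return the filter chain a packet traverses on the firewall."""
    if locally_generated:
        return "OUTPUT"
    # Routing decision: local destination -> INPUT, anything else -> FORWARD.
    return "INPUT" if dst in FIREWALL_ADDRS else "FORWARD"


def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule in the packet's chain wins; else the chain policy."""
    chain = chain_for(pkt["dst"])
    for rule in rules:
        if rule["chain"] != chain:
            continue  # rules in other chains are never consulted
        if all(pkt.get(k) == v for k, v in rule["match"].items()):
            return chain, rule["target"]
    return chain, policy


# Same match as the suggested rule: tcp, external interface, dport 22.
SSH_MATCH = {"proto": "tcp", "in_if": EXTERNAL_INTERFACE, "dport": 22}
INPUT_RULE = {"chain": "INPUT", "match": SSH_MATCH, "target": "REJECT"}
FORWARD_RULE = {"chain": "FORWARD", "match": SSH_MATCH, "target": "REJECT"}


def ssh_packet(dst):
    """Constructed SSH packet arriving on the external interface."""
    return {"proto": "tcp", "in_if": EXTERNAL_INTERFACE, "dst": dst, "dport": 22}


if __name__ == "__main__":
    to_dmz = ssh_packet(DMZ_SERVER)
    print("INPUT rule only:  ", verdict([INPUT_RULE], to_dmz))
    print("FORWARD rule only:", verdict([FORWARD_RULE], to_dmz))
    print("SSH to firewall:  ", verdict([INPUT_RULE], ssh_packet("203.0.113.1")))
```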