Rick Stevens wrote:
<<-- SNIP -->>
>> Hi
>> Sorry to hijack this thread. The above, should it be before or after
>> you allow the ssh port?
>
> Before. You want packets NOT rejected by that bit to fall through to
> other rules for further processing.
>
> ----------------------------------------------------------------------
> - Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
> - CDN Systems, Internap, Inc.                http://www.internap.com -
> -                                                                    -
> -        Change is inevitable, except from a vending machine.        -
> ----------------------------------------------------------------------
>

YES, and at the very bottom be sure to add the DENY or LOG and DROP
line. The default for the interface rule is sometimes easily missed by
the eyes, and having a glaring, catch-all rule at the bottom makes it
stand out when you have problems.

-James
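An added example, not part of the thread: a small audit that checks whether a chain ends in the explicit LOG and DROP catch-all recommended above, instead of relying on the chain policy. It assumes rules in `iptables-save` format; the sample rulesets, the stand-in for the snipped rule, and the function names are constructed for illustration.

```shell
# Constructed rulesets in iptables-save format (assumed; not from the thread).
# The ESTABLISHED,RELATED rule is a stand-in for the snipped rule.
sample_good() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
-A INPUT -j DROP
COMMIT
EOF
}

# Same rules without the catch-all: unmatched packets hit the ACCEPT policy.
sample_bad() { sample_good | grep -v -e '-j LOG' -e '-j DROP'; }

# audit_chain CHAIN: read a ruleset on stdin, report the chain policy and
# whether its last rule is an unconditional DROP/REJECT preceded by a LOG.
audit_chain() {
  awk -v chain="$1" '
    $1 == (":" chain)          { policy = $2 }
    $1 == "-A" && $2 == chain  { prev = last; last = $0 }
    END {
      n = split(last, f, " "); split(prev, p, " ")
      # Catch-all = no match options between the chain name and -j.
      catchall = (n >= 4 && f[3] == "-j" && (f[4] == "DROP" || f[4] == "REJECT"))
      logged   = (catchall && p[3] == "-j" && p[4] == "LOG")
      printf "%s: policy=%s catch-all=%s logged=%s\n", chain, policy,
             (catchall ? "yes" : "no"), (logged ? "yes" : "no")
      exit (catchall ? 0 : 1)
    }'
}

sample_good | audit_chain INPUT
sample_bad  | audit_chain INPUT || echo "INPUT has no catch-all rule at the bottom"
```

On a live host the same function can read the output of `iptables-save` instead of the constructed samples.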