From: Nick Khamis
To: gentoo-user
Date: Tue, 21 May 2013 12:01:26 -0400
Subject: [gentoo-user] Re: IPTables - Going Stateless
In-Reply-To: <201305211133.03830.neal.p.murphy@alum.wpi.edu>
List-Id: Gentoo Linux mail

For testing purposes I changed the ssh rule to:

-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
-A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP

And still no go. As mentioned before, everything works fine until I try to
close up the rest of the ports not opened up in the chains "UDP" and "TCP"
stated above:

#echo -e " - Dropping input TCP and UDP traffic to closed ports"
-A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
-A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable

#echo -e " - Dropping output TCP and UDP traffic to closed ports"
-A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
-A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable

#echo -e " - Dropping input traffic to remaining protocols sent to closed ports"
-A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable

#echo -e " - Dropping output traffic to remaining protocols sent to closed ports"
-A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable

That is when I cannot SSH over to the server.

N.
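Added example, not from the post or the thread: a small Python model of first-match chain traversal (a hypothetical stand-in, not iptables itself) run over the rules quoted in the post, to trace what happens to an inbound SSH SYN and to the server's SYN/ACK going back out. It assumes $INTIF1 is eth1 and that INPUT jumps to the user chain TCP for tcp packets (the post does not show that jump); without connection tracking, the OUTPUT REJECT hits the server's own replies unless an explicit return-path ACCEPT precedes it.

```python
# Hypothetical first-match model of iptables chain traversal (not iptables
# itself), used to trace the stateless rules quoted in the post.
from dataclasses import dataclass

@dataclass
class Pkt:
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    iface: str   # arriving interface for INPUT, outgoing one for OUTPUT

def matches(fields, pkt):
    """A rule is (match-fields, target); every listed field must match."""
    return all(getattr(pkt, k) == v for k, v in fields.items())

def walk(chains, name, pkt, policy="ACCEPT"):
    """Verdict for pkt in chain `name`, following jumps into user chains."""
    for fields, target in chains[name]:
        if not matches(fields, pkt):
            continue
        if target in chains:               # jump to a user-defined chain
            verdict = walk(chains, target, pkt, policy=None)
            if verdict is not None:        # None: chain fell through, keep going
                return verdict
        else:
            return target
    return policy

INTIF1 = "eth1"   # constructed stand-in for $INTIF1
# Built from the rules in the post; the INPUT -> TCP jump is assumed (not shown there).
RULESET = {
    "TCP":    [({"proto": "tcp", "dport": 22}, "ACCEPT")],
    "INPUT":  [({"proto": "tcp"}, "TCP"),
               ({"iface": INTIF1, "proto": "tcp"}, "REJECT"),   # --reject-with tcp-rst
               ({"iface": INTIF1, "proto": "udp"}, "REJECT"),   # icmp-port-unreachable
               ({"iface": INTIF1}, "REJECT")],                  # icmp-proto-unreachable
    "OUTPUT": [({"iface": INTIF1, "proto": "tcp"}, "REJECT"),
               ({"iface": INTIF1, "proto": "udp"}, "REJECT"),
               ({"iface": INTIF1}, "REJECT")],
}

def ssh_handshake(chains):
    """(INPUT verdict for the client's SYN to :22, OUTPUT verdict for the SYN/ACK back)."""
    syn, synack = Pkt("tcp", 51234, 22, INTIF1), Pkt("tcp", 22, 51234, INTIF1)
    return walk(chains, "INPUT", syn), walk(chains, "OUTPUT", synack)

# Without conntrack the reply must be allowed explicitly, ahead of the catch-all REJECTs.
FIXED = dict(RULESET, OUTPUT=[({"iface": INTIF1, "proto": "tcp", "sport": 22}, "ACCEPT")]
             + RULESET["OUTPUT"])
```

Running ssh_handshake(RULESET) gives ("ACCEPT", "REJECT"): the SYN is let in, but the OUTPUT catch-all sends a tcp-rst for the reply; with FIXED both directions are accepted.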