Nate, It's possible to manage your firewall exclusively with iptables, but it does add administrative overhead - you'd have to maintain the rules in rc.local or another script called from there to make sure your rules are applied on every boot.
Are you trying to allow SSH access to the Vyatta router itself, or to another host through the router? It's important to remember that traffic passing through the router is handled by a different firewall chain than the traffic destined for or originating from the router. Allowing SSH on the INPUT chain (as you described) should allow access to the Vyatta router itself, but if you're trying to allow access to another host across the router, you'd need to add the allow rule to the FORWARD chain instead. In the Vyatta CLI, allowing access to the router itself would be done with a "Local" firewall: set interfaces ethernet eth0 firewall local name eth0-allow-ssh And allowing access to other hosts through the router would be done with the "In" firewall: set interfaces ethernet eth0 firewall in name eth0-allow-ssh - Steve Nathan McBride wrote: > Hmm, ok. Can I just create my full firewall in iptables? > Last time I did that, I changed the default rule for INPUT to DROP > and then added a rule to allow ssh and it didn't seem to work? > > Thanks, > Nate > _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
