Nate,

It's possible to manage your firewall exclusively with iptables, but it 
does add administrative overhead - you'd have to maintain the rules in 
rc.local or another script called from there to make sure your rules are 
applied on every boot. 

Are you trying to allow SSH access to the Vyatta router itself, or to 
another host through the router?  It's important to remember that 
traffic passing through the router is handled by a different firewall 
chain than the traffic destined for or originating from the router.

Allowing SSH on the INPUT chain (as you described) should allow access 
to the Vyatta router itself, but if you're trying to allow access to 
another host across the router, you'd need to add the allow rule to the 
FORWARD chain instead. 

In the Vyatta CLI, allowing access to the router itself would be done 
with a "Local" firewall:
set interfaces ethernet eth0 firewall local name eth0-allow-ssh

And allowing access to other hosts through the router would be done with 
the "In" firewall:
set interfaces ethernet eth0 firewall in name eth0-allow-ssh

- Steve


Nathan McBride wrote:
> Hmm, ok.  Can I just create my full firewall in iptables?
> Last time I did that, I changed the default rule for INPUT to DROP
> and then added a rule to allow ssh and it didn't seem to work?
>
> Thanks,
> Nate
>   
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
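As an added example (not part of Steve's reply and not Vyatta's own configuration), the same two cases written as raw iptables rules in a small POSIX shell script of the kind that rc.local would call on every boot. The interface name eth0, the protected host 192.0.2.10 and the path /etc/firewall.sh are placeholders; setting IPT=echo prints the rules instead of applying them, so the script can be checked before it is run as root.

```shell
#!/bin/sh
# Hypothetical /etc/firewall.sh, called from /etc/rc.local as:
#   /etc/firewall.sh apply eth0 192.0.2.10
# IPT defaults to the real iptables binary; IPT=echo gives a dry run.
IPT="${IPT:-iptables}"

# Default-deny on both chains. ESTABLISHED/RELATED is accepted first so that
# replies to already-open sessions survive the DROP policy; forgetting this
# is a common reason a default-DROP INPUT chain seems to ignore an allow rule.
apply_base_policy() {
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -F INPUT
    "$IPT" -F FORWARD
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# SSH to the router itself: traffic terminates on this box, so it is
# evaluated by the INPUT chain (the Vyatta "local" firewall).
allow_ssh_to_router() {
    iface="$1"
    "$IPT" -A INPUT -i "$iface" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# SSH to a host behind the router: traffic passes through this box, so it
# is evaluated by the FORWARD chain (the Vyatta "in" firewall), never INPUT.
allow_ssh_through_router() {
    iface="$1"
    host="$2"
    "$IPT" -A FORWARD -i "$iface" -p tcp -d "$host" --dport 22 -m state --state NEW -j ACCEPT
}

# Only apply when invoked as "apply <iface> <host>"; sourcing the file does nothing.
case "${1:-}" in
    apply)
        [ -n "${2:-}" ] && [ -n "${3:-}" ] || { echo "usage: $0 apply <iface> <host>" >&2; exit 2; }
        apply_base_policy
        allow_ssh_to_router "$2"
        allow_ssh_through_router "$2" "$3"
        ;;
esac
```

Run with IPT=echo first to review the rule set; when it looks right, run it as root and add the apply line to rc.local so the rules are reloaded at boot.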
