Thank you for your feedback!!  It was a lot of help!

------------------------
Keith Smith

--- On Fri, 7/1/11, Lisa Kachold wrote:

> From: Lisa Kachold
> Subject: Re: IPTables question
> To: "Main PLUG discussion list"
> Date: Friday, July 1, 2011, 5:14 PM
>
> Hi...
>
> On Fri, Jul 1, 2011 at 12:22 PM, Mike Ballon wrote:
>
> > When listing, try iptables -L -n. Also you should see a port, ex:
> >
> >     ACCEPT     tcp  --            state NEW tcp dpt:22
> >
> > or in your case I'm guessing ici is the protocol; if you grep ici in /etc/services you'll see port 2200.
> >
> > I would just use the IP on the rule unless you have a reason not to.
> >
> > On Fri, Jul 1, 2011 at 2:54 PM, keith smith wrote:
> >
> > > Hi,
> > >
> > > I added a rule:
> > >
> > >     iptables -A INPUT -p tcp -s --dport 22 -j ACCEPT
> > >
> > > and when I list the iptables I see:
> > >
> > >     ACCEPT     tcp  --  anywhere            tcp dpt:ici
> > >
> > > Are the below two rules the same?
> > >
> > >     iptables -A INPUT -p tcp -s --dport 22 -j ACCEPT
> > >     iptables -A INPUT -p tcp -s --dport 22 -j ACCEPT
>
> Depending on your DNS settings, yes.  If you use a "hostname" entry in /etc/hosts that conflicts with DNS, you might find a hang.
>
> This is clearly your SWIP'd IP address in a dynamic pool from your upstream utility provider, which is only loaned.  Since SSH requires reverse DNS authentication as part of the RFC, you cannot have mismatched IP to hostname, especially if in your /etc/ssh/sshd_config you have strict checking enabled.
>
> I would ALWAYS use the IP address ONLY in iptables.
>
> > > In other words, can I use in place of the IP?
> > >
> > > Also, I do not see the port when I issue iptables -L ?  How can I tell if the rule applies to a specific port?
>
> An easier way to learn iptables is to use the actual configuration syntax reported via
>
>     # /sbin/iptables-save
>
> You can see the port and each line EXACTLY as entered then.
>
> You can pipe to a file:
>
>     # /sbin/iptables-save >/tmp/iptables-$date
>
> You can edit that file:
>
>     # vi /tmp/iptables-$date
>
> You can restore that file after edits. BEWARE of FLUSHING DNS unless you are directly in front of your machine or KNOW WHAT YOU ARE DOING!
>
>     # /sbin/iptables-restore
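The `dpt:ici` and `anywhere` in the listing above come from `iptables -L` translating the numbers the kernel actually stores back through /etc/services (and, for addresses, DNS), which `-n` suppresses and `iptables-save` never does. The following is an added example written for this page, not code from the thread or from the iptables project: it re-implements that translation in Python over a constructed `iptables-save` line and a constructed /etc/services excerpt, so the `-L` and `-L -n` renderings of the same stored rule can be compared side by side.

```python
# Constructed excerpt of /etc/services (assumption: same "name port/proto"
# layout as the real file) so the example runs without reading the system copy.
SERVICES_EXCERPT = """\
ssh             22/tcp      # SSH Remote Login Protocol
ici             2200/tcp    # ICI
"""

def parse_services(text):
    """Build the (port, proto) -> name table that `iptables -L` consults
    when it prints dpt:ssh or dpt:ici instead of the stored number."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        port, proto = fields[1].split("/")
        table[(int(port), proto)] = fields[0]
    return table

def parse_saved_rule(line):
    """Parse the subset of an iptables-save line used in the thread
    (-A, -s, -p, -m, --dport, -j); every option here takes one value.
    iptables-save always emits numeric ports and addresses."""
    toks = line.split()
    rule = {"source": "0.0.0.0/0"}            # no -s means "from anywhere"
    for opt, val in zip(toks[::2], toks[1::2]):
        if opt == "-A":        rule["chain"] = val
        elif opt == "-s":      rule["source"] = val
        elif opt == "-p":      rule["proto"] = val
        elif opt == "--dport": rule["dport"] = int(val)
        elif opt == "-j":      rule["target"] = val
    return rule

def render_listing(line, services, numeric):
    """Render one stored rule as `iptables -L` (numeric=False) or
    `iptables -L -n` (numeric=True) would show it. Without -n the real tool
    also attempts a reverse DNS lookup of a non-wildcard source address,
    which is the hang the thread warns about; that lookup is not reproduced."""
    r = parse_saved_rule(line)
    src, port = r["source"], r["dport"]
    if not numeric:
        if src == "0.0.0.0/0":
            src = "anywhere"
        port = services.get((port, r["proto"]), port)
    return f"{r['target']:<10} {r['proto']:<4} --  {src:<20} {r['proto']} dpt:{port}"

if __name__ == "__main__":
    svc = parse_services(SERVICES_EXCERPT)
    for rule in ("-A INPUT -p tcp -m tcp --dport 2200 -j ACCEPT",
                 "-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 22 -j ACCEPT"):
        print(render_listing(rule, svc, numeric=False))
        print(render_listing(rule, svc, numeric=True))
```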