Firewall Tool in 3.9



fechin
08-15-2005, 01:11 PM
I am using the GUI firewall tool that is supplied in knoppix 3.9. I want to allow incoming access to ssh and an application server on port 62856. I've set the mode to expert even though I'm not. When I start the firewall I can't connect on the ssh or application port. Do you know what I'm doing wrong? Note, I'm not using NAT and there is no firewall in front of the PC. Below are the contents of /etc/sysconfig/firewall.iptables


# internal interfaces
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# all outgoing
iptables -A OUTPUT -o eth0 -j ACCEPT

# SSH access
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

# Application access
iptables -A INPUT -p tcp -i eth0 --dport 62856 -j ACCEPT

fechin
08-16-2005, 08:53 AM
Ok, figured out the problem. After turning on the firewall I ran the command "iptables -L" to get a list of all the rules. I noticed that the rules I added in firewall.iptables were being appended after the DROP all rule. The solution is to insert the new rules before the DROP all rule. Just use "iptables -I" instead of "iptables -A".

So here it is.

# SSH access
iptables -I FROMINTERNET 3 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

# Application access
iptables -I FROMINTERNET 4 -p tcp -m tcp --dport 62856 -m state --state NEW -j ACCEPT
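The ordering problem fechin hit above (rules appended with -A landing after a catch-all DROP, so they never match) is easy to check for mechanically. The script below is an added example, not code from the thread or from the Knoppix firewall tool: it parses the output of "iptables -L -n -v -x --line-numbers" and reports every rule that sits behind a DROP or REJECT with no match criteria in the same chain, together with the position an "iptables -I CHAIN N" would need to use. The two listings embedded in it are constructed to mirror the before/after situation in the posts (the real FROMINTERNET chain contents are not shown on the page); the -v form is used because the plain "iptables -L" output hides the interface match, which would make a rule like "-i eth0 -j DROP" look like a catch-all when it is not.

```python
import re
from dataclasses import dataclass


@dataclass
class Rule:
    """One line of `iptables -L -n -v -x --line-numbers` output."""
    chain: str
    num: int
    pkts: int
    target: str
    proto: str
    iface_in: str
    iface_out: str
    source: str
    dest: str
    extra: str  # trailing match text, e.g. "tcp dpt:22 state NEW"

    def is_catch_all(self) -> bool:
        """True when the rule carries no match criteria at all."""
        return (self.proto == "all" and self.iface_in == "*" and self.iface_out == "*"
                and self.source == "0.0.0.0/0" and self.dest == "0.0.0.0/0"
                and self.extra == "")


def parse_listing(text: str) -> dict:
    """Parse the listing into {chain_name: [Rule, ...]} in chain order."""
    chains = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if line.startswith("num"):  # column header line
            continue
        parts = line.split(None, 10)  # 10 fixed columns + optional match text
        if current is None or len(parts) < 10:
            continue
        num, pkts, _bytes, target, proto, _opt, ifin, ifout, src, dst = parts[:10]
        extra = parts[10].strip() if len(parts) > 10 else ""
        chains[current].append(Rule(current, int(num), int(pkts), target, proto,
                                    ifin, ifout, src, dst, extra))
    return chains


def shadowed_rules(chains: dict) -> list:
    """Return (rule, blocker) pairs: rules listed after a catch-all DROP/REJECT."""
    found = []
    for rules in chains.values():
        blocker = None
        for r in rules:
            if blocker is not None:
                found.append((r, blocker))
            elif r.target in ("DROP", "REJECT") and r.is_catch_all():
                blocker = r
    return found


def report(text: str) -> list:
    """(chain, shadowed rule number, position to use with `iptables -I`) triples."""
    return [(r.chain, r.num, b.num) for r, b in shadowed_rules(parse_listing(text))]


# Constructed listing: the two ACCEPT rules were added with -A and sit behind the DROP.
APPENDED = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       40  3200 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      135 10800 FROMINTERNET  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain FROMINTERNET (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
3       15  1200 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:62856 state NEW
"""

# Constructed listing after re-adding them with `-I FROMINTERNET 3` and `-I FROMINTERNET 4`.
INSERTED = """\
Chain FROMINTERNET (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1      120  9600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
3        3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
4        1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:62856 state NEW
5       11   880 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

if __name__ == "__main__":
    for label, listing in (("appended", APPENDED), ("inserted", INSERTED)):
        hits = report(listing)
        print(f"{label}: {len(hits)} shadowed rule(s)")
        for chain, num, pos in hits:
            print(f"  {chain} rule {num} is unreachable; insert it with: iptables -I {chain} {pos} ...")
```

The zero packet counters on the shadowed rules in the first listing are the same telltale one would see on a live box: a rule that never matches never counts. On a real system feed the script the output of the listing command via a pipe instead of the embedded samples; it only reports, it does not change any rules.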