the firewall should be configured so untrusted hosts (e.gthe web server -- any box that isn't the box that people are expected to log in from) can't connect to the SSH port (or any other service) on the firewall. 34.8. Where filter rules act Joe - iptables (2.4 kernels) has ...