pi.ilpiola.it: The site about Raspberry Pi and Roberto Piola
Actually, you can also disable iptables (and, by default, it is disabled in raspbian, while it allows access from the local LAN only in raspbmc), and place another firewaall in front of the pi, but this is unnecessary.
Most adsl routers will allow you to forward ports (80 for web, 22 for ssh, etc) from the outside to the pi, but some do not permit to select the source. I wanted to enable access to my pi only from my office, so:
iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT iptables -A INPUT -i $IFACE -j DROPinsert on top of it your custom rules and reboot: (here, I assumed that 1.2.3.0 is the ip subnet of my office):
# open any protocol from my office iptables -A INPUT -s 1.2.3.0/24 -i $IFACE -j ACCEPT # open amule from the world iptables -A INPUT -m tcp -p tcp --dport 4662 -i $IFACE -j ACCEPT iptables -A INPUT -m udp -p udp --dport 4665 -i $IFACE -j ACCEPT # default rule: allow everything from the local lan, refuse everything else iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT