From 28566d7f29046e6cc958121aab0ffec9572bf1cb Mon Sep 17 00:00:00 2001
From: a3nm <a3nm@a3nm.net>
Date: Mon, 11 Dec 2017 08:44:34 +0100
Subject: [PATCH] document firewall rules (#6)

---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/README.md b/README.md
index 8278052..ef592c0 100644
--- a/README.md
+++ b/README.md
@@ -63,3 +63,17 @@ ssh root@rpi3
 # Enter password “raspberry”
 ```
 
+Note that the default firewall rules only allow SSH access from the local
+network. If you wish to enable SSH access globally, first change your root
+password using `passwd`. Next, issue the following commands as root to remove
+the corresponding firewall rules:
+
+```shell
+iptables -F INPUT
+ip6tables -F INPUT
+```
+
+This will allow SSH connections globally until the next reboot. To make this
+persistent, remove the lines containing "REJECT" in `/etc/iptables/rules.v4` and
+`/etc/iptables/rules.v6`.
+