Anonymous 22:11

KVM doesn’t work with Iptables

Does anybody here use Iptables with KVM VPS hosting Linux? I used to be able to do this with a Linode nanode back in the day, pre 2022, but not anymore. Adding firewall rules to limit SSH access to my home IP address just cuts off my access. I recently tried several other VPS vendors with the same result. I’m using very basic firewall rules here as follows, where x.x.x.x is my home IP:

-A INPUT -s x.x.x.x/32 -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -d x.x.x.x/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

I have the same issue with other ports such as 5900, so this is not just an SSH problem. Thanks for your help.



Top Answer/Comment:

The source port used by SSH clients to connect to servers is a (random) ephemeral port and NOT the (default/reserved) port TCP 22 used by the SSH daemon running on the server that listens for incoming SSH connections.

That means that a rule using the source port -A INPUT -s x.x.x.x/32 -p tcp -m tcp --sport 22 -j ACCEPT is wrong. That rule does not allow incoming SSH connections.
That should probably be: --dport 22 -j ACCEPT.

Second: when experimenting with firewall rules it is strongly recommended to use the REJECT method rather than DROP. The REJECT method will send ICMP connection refused messages that allow for easier and quicker debugging.

Third: start by filtering only ingress (INPUT) on a server and allow all egress, as egress filtering (OUTPUT rules) is an additional complication and requires a thorough understanding of all activities by the base OS and the running applications of your VPS.
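Putting the three points above together, here is an added example (not code from the thread) in POSIX sh: it generates a corrected version of the question's ruleset for iptables-restore, with HOME_IP as an assumed placeholder address, and includes a small lint that catches the --sport mistake from the question in an existing iptables-save dump.

```shell
#!/bin/sh
# Added example, not from the original thread: a corrected version of the
# ruleset in the question. HOME_IP is an assumed placeholder from the
# documentation range; replace it with the real admin address.
HOME_IP="${HOME_IP:-203.0.113.10}"
# Emit iptables-restore input. Changes versus the question: match --dport 22
# (client source ports are ephemeral), accept return traffic via conntrack,
# leave OUTPUT open, and end INPUT with a REJECT rule instead of relying on
# the DROP policy (a chain policy itself can only be ACCEPT or DROP).
build_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${HOME_IP}/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# Lint iptables-save text on stdin for the mistake in the question: an INPUT
# rule keyed on --sport with a well-known (<1024) port and no --dport. Such a
# rule never matches a real client. Exit 1 if any is found.
lint_rules() {
  awk '
    /^-A INPUT/ && /--sport/ && !/--dport/ {
      for (i = 1; i <= NF; i++) if ($i == "--sport") port = $(i + 1)
      if (port + 0 < 1024) {
        print "WARN: --sport " port " on INPUT matches a server port, use --dport: " $0
        bad = 1
      }
    }
    END { exit bad ? 1 : 0 }'
}

# Load the ruleset atomically (requires root); lint it first.
apply_rules() {
  build_rules | lint_rules >/dev/null && build_rules | iptables-restore
}

case "${1:-show}" in
  apply) apply_rules ;;
  lint)  lint_rules ;;
  *)     build_rules ;;
esac
```

Run it with no argument to print the ruleset, `lint < /etc/iptables/rules.v4` (path is an assumption; use wherever your distribution keeps its saved rules) to check an existing dump, and `apply` as root to load it.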
