Linux Netfilter discussions
From: "Samuel Díaz García" <samueldg@arcoscom.com>
To: lst_hoe01@kwsoft.de
Cc: netfilter@lists.netfilter.org
Subject: Re: Firewall did not block SSH - what is wrong
Date: Tue, 22 Feb 2005 14:39:34 +0100
Message-ID: <20050222133934.2148.qmail@arcoscom.com>
In-Reply-To: <1109078739.421b32d3b20bd@webmail.kwsoft.de>

Try something like:

# Substitute your own values.
# your iptables binary
IPT=iptables
# your external interface
EFACE=ppp0

# drop new (SYN) TCP connections to the ssh port arriving on the external interface
$IPT -A INPUT -i $EFACE -p tcp --dport ssh --syn -j DROP


Tell us if that is what you need and whether it works for you.

lst_hoe01@kwsoft.de writes:

> Quoting Hilmar Berger <Hilmar.Berger@gmx.de>:
>
>>
>> Hi,
>>
>> I am running iptables 1.2.11/Linux 2.4.27-pre2. Firewall is started when ADSL
>> connection is going up.
>> The rule set I use is from some example iptables ruleset to set up
>> IP-masquerading. I needed this sometime ago in order to connect my laptop to
>> my desktop and connect to internet through its dsl modem.
>> I never had any trouble with my firewall before. It worked as expected - at
>> least that's what it seems to me.
>>
>> Today someone tried to break into my machine (desktop, the one the firewall is
>> running on) by connecting to sshd - which should have been blocked. I tried
>> to test whether this was because my firewall rules are bad or because there is
>> some other bug. Unfortunately, I don't have another machine around right now
>> and iptables does not have the -C option that exists with ipchains to check
>> if the rules work as desired.
>
> With this rule
>
> # remote interface, any source, going to permanent PPP address is valid
> #
> $IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT
>
> and sshd bound to any interface, you should not wonder why everyone can connect
> to your firewall's sshd and any other service running on the firewall ...
>
> Regards
>
> Andreas



Samuel Díaz García
Director Gerente
ArcosCom Wireless, S.L.L.

mailto:samueldg@arcoscom.com
http://www.arcoscom.com
mobile: 651 93 72 48
phone:  956 70 13 15
fax:    956 70 34 83
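As an added example (not code from anyone in this thread), the following Python model of netfilter's first-match evaluation puts Andreas's quoted ACCEPT rule and Samuel's suggested DROP rule into one INPUT chain and shows how their relative order decides the fate of an SSH connection attempt. Only the match options used in this thread are modelled, and EXTIF, EXTIP and the client address are constructed stand-ins.

```python
"""Model of the INPUT chain's first-match evaluation (added example, not code from the
thread). Only -i, -s, -d, -p, --dport and --syn are modelled; addresses are constructed."""
import ipaddress
import shlex

SERVICES = {"ssh": 22}  # stand-in for the /etc/services lookup iptables performs
EXTIF, EXTIP, UNIVERSE = "ppp0", "203.0.113.5", "0.0.0.0/0"  # constructed values

def parse_rule(rule):
    """Return (matchers, target); each matcher is a predicate over a packet dict."""
    toks, preds, target, i = shlex.split(rule), [], None, 0
    while i < len(toks):
        opt = toks[i]
        if opt == "--syn":                        # flag option, takes no value
            preds.append(lambda p: p["syn"]); i += 1; continue
        val = toks[i + 1]                         # "-A INPUT" / "-I INPUT" fall through
        if opt == "-i": preds.append(lambda p, v=val: p["iface"] == v)
        elif opt == "-p": preds.append(lambda p, v=val: p["proto"] == v)
        elif opt in ("-s", "-d"):                 # host or network; a bare host is /32
            k, n = ("src" if opt == "-s" else "dst"), ipaddress.ip_network(val, strict=False)
            preds.append(lambda p, k=k, n=n: ipaddress.ip_address(p[k]) in n)
        elif opt == "--dport":
            preds.append(lambda p, d=SERVICES.get(val) or int(val): p["dport"] == d)
        elif opt == "-j": target = val
        i += 2
    return preds, target

def build_chain(rules):
    """Run the rules in script order: -A appends, -I (without index) inserts at the head."""
    chain = []
    for r in rules:
        chain.insert(0 if r.startswith("-I") else len(chain), parse_rule(r))
    return chain

def verdict(chain, pkt, policy="ACCEPT"):
    """The first rule whose matchers all hold decides; otherwise the chain policy applies."""
    return next((t for preds, t in chain if all(f(pkt) for f in preds)), policy)

# Andreas's quoted ACCEPT rule (variables substituted) and Samuel's DROP, appended (-A)
# as posted and, for comparison, inserted at the head of the chain (-I).
ACCEPT_ALL_TO_EXTIP = f"-A INPUT -i {EXTIF} -s {UNIVERSE} -d {EXTIP} -j ACCEPT"
DROP_SSH_APPENDED = f"-A INPUT -i {EXTIF} -p tcp --dport ssh --syn -j DROP"
DROP_SSH_INSERTED = f"-I INPUT -i {EXTIF} -p tcp --dport ssh --syn -j DROP"
# Constructed packet: a new SSH connection attempt arriving over the ADSL link.
SSH_SYN = dict(iface=EXTIF, src="198.51.100.7", dst=EXTIP, proto="tcp", dport=22, syn=True)

def ssh_verdicts():
    """Verdict for SSH_SYN with the DROP appended after, then inserted before, the ACCEPT."""
    appended = verdict(build_chain([ACCEPT_ALL_TO_EXTIP, DROP_SSH_APPENDED]), SSH_SYN)
    inserted = verdict(build_chain([ACCEPT_ALL_TO_EXTIP, DROP_SSH_INSERTED]), SSH_SYN)
    return appended, inserted
```

ssh_verdicts() returns ('ACCEPT', 'DROP'): appended below the broad ACCEPT rule, the DROP is never reached, so the SSH SYN is still accepted; only a DROP placed ahead of that rule blocks it, while established SSH traffic (no SYN) still passes.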



