Re: Firewall did not block SSH - what is wrong

Quoting Hilmar Berger <Hilmar.Berger@xxxxxx>:

>
> Hi,
>
> I am running iptables 1.2.11/Linux 2.4.27-pre2. Firewall is started when ADSL
> connection is going up.
> The rule set I use is from some example iptables ruleset to set up
> IP-masquerading. I needed this some time ago in order to connect my laptop to
> my desktop and connect to internet through its dsl modem.
> I never had any trouble with my firewall before. It worked as expected - at
> least that's what it seems to me.
>
> Today someone tried to break into my machine (desktop, the one the firewall is
> running on) by connecting to sshd - which should have been blocked. I tried
> to test if this was because my firewall rules are bad or because there is
> some other bug. Unfortunately, I don't have another machine around right now
> and iptables does not have the -C option that exists with ipchains to check
> if the rules work as desired.

With this rule

# remote interface, any source, going to permanent PPP address is valid
#
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -j ACCEPT

and sshd bound to any interface, you should not wonder why everyone can connect
to your firewall's sshd and any other service running on the firewall ...

Regards

Andreas
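
An offline check of the kind the original poster wanted from `-C`, added here as an example that is not part of either message: a small first-match evaluator for the INPUT chain, run on the quoted rule and on a stateful alternative. Assumptions: the interface `ppp0`, the addresses, the DROP policy, the loopback rule and the `-m state` variant are constructed for illustration and are not taken from the poster's ruleset.

```python
import ipaddress
import shlex

# Constructed rulesets in iptables-save syntax; ppp0 and 203.0.113.5 are
# placeholder values standing in for $EXTIF and $EXTIP.
BROAD = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp0 -s 0.0.0.0/0 -d 203.0.113.5/32 -j ACCEPT
"""
STATEFUL = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp0 -d 203.0.113.5/32 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

def parse(ruleset):
    """Return (default policy, [option dict per rule]) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            # Options come as flag/value pairs; "-m state" is just another pair.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(rule, pkt):
    """True if every match option present in the rule agrees with the packet."""
    def in_net(opt, addr):
        return opt not in rule or ipaddress.ip_address(addr) in ipaddress.ip_network(rule[opt])
    return (rule.get("-i", pkt["iface"]) == pkt["iface"]
            and rule.get("-p", pkt["proto"]) == pkt["proto"]
            and rule.get("--dport", str(pkt["dport"])) == str(pkt["dport"])
            and in_net("-s", pkt["src"]) and in_net("-d", pkt["dst"])
            and ("--state" not in rule or pkt["state"] in rule["--state"].split(",")))

def verdict(ruleset, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    policy, rules = parse(ruleset)
    for rule in rules:
        if matches(rule, pkt):
            return rule["-j"]
    return policy

# A new inbound SSH connection from an arbitrary Internet host (constructed).
SSH_SYN = {"iface": "ppp0", "proto": "tcp", "dport": 22, "state": "NEW",
           "src": "198.51.100.7", "dst": "203.0.113.5"}
```

`verdict(BROAD, SSH_SYN)` returns ACCEPT because the quoted rule has no protocol, port or state match, while `verdict(STATEFUL, SSH_SYN)` falls through to the DROP policy and still accepts reply traffic for connections the firewall host opened itself.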




