Re: Filtered address in can login

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Are you sure your default POLICIES are ok? I mean...
do you have somewhere:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
... your script ...
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You should also consider adding rules for the DNS to work.


vladimir wrote:

Hi, I have iptables-1.2.7a and 2.4.26 kernel and there is something
strange.
I have the following rule:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 0/0 --protocol tcp --destination-port 80 -j ACCEPT
iptables -A INPUT -s IP_ADDR  --protocol tcp --destination-port 22  -j
ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

So I expect that only  the specified IP_ADDR can ssh to port 22 in my
server.
But in /var/log/secure I see that some other IP's for example
168.179.113.141 try to login to ssh  with different user names to my
server.
However, then I try ssh to that server not from IP_ADDR I can not, as
expected.
Please tell me how this 168.179.113.141 bypass my firewall.
Thank you very much, Vladimir


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux