On 21/05/2013 18:01, Nick Khamis wrote:
> For testing purposes I changed the ssh rule to:
>
> -A TCP -p tcp -m tcp --dport 22 -j ACCEPT
> -A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP
>
> And still no go. As mentioned before, everything works fine until I
> try to close up the rest of the ports not opened up in the chains
> "UDP" and "TCP" stated above:
>
> #echo -e " - Dropping input TCP and UDP traffic to closed ports"
> -A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
> -A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable
>
> #echo -e " - Dropping output TCP and UDP traffic to closed ports"
> -A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
> -A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable
>
> #echo -e " - Dropping input traffic to remaining protocols sent to closed ports"
> -A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable
>
> #echo -e " - Dropping output traffic to remaining protocols sent to closed ports"
> -A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable
>
> That is when I cannot SSH over to the server.

Now you are feeling the pain.

Drive to where the router is and fix it on the console, then put
conntrack back.

--
Alan McKinnon
alan.mckinnon@×××××.com
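Alan's advice is to put the conntrack rules back; as an added example (not code from either poster), here is the same TCP/UDP chain layout with ESTABLISHED,RELATED accepts placed ahead of the catch-all REJECTs in INPUT and OUTPUT, plus a check you can run on the rule text before loading it on a remote box. The interface name `eth0` and the `--ctstate NEW -j TCP`/`-j UDP` dispatch rules are assumptions, since the original message does not show how the TCP and UDP chains are reached.

```shell
#!/bin/sh
# Added example, not from the thread. INTIF1 is an assumed interface name.
INTIF1="eth0"

# Emit the filter table in iptables-restore format. The conntrack accepts
# come before every REJECT, so sshd's replies on an accepted connection are
# no longer answered with a tcp-rst by the OUTPUT catch-all.
fixed_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:TCP - [0:0]
:UDP - [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i $INTIF1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $INTIF1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INTIF1 -p tcp --syn -m conntrack --ctstate NEW -j TCP
-A INPUT -i $INTIF1 -p udp -m conntrack --ctstate NEW -j UDP
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
-A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable
-A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
-A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable
COMMIT
EOF
}

# Pre-load sanity check: in the named chain, the ESTABLISHED,RELATED ACCEPT
# must appear before the first REJECT. Reads rules on stdin, prints ok/bad.
check_chain_order() {
  awk -v c="-A $1 " '
    index($0, c) == 1 && /ESTABLISHED,RELATED/ && /-j ACCEPT/ && !est { est = NR }
    index($0, c) == 1 && /-j REJECT/ && !rej { rej = NR }
    END { if (est && (!rej || est < rej)) print "ok"; else print "bad" }'
}

fixed_rules | check_chain_order INPUT    # prints ok
fixed_rules | check_chain_order OUTPUT   # prints ok
```

With OUTPUT still ending in a REJECT, connections the host itself initiates (DNS, package updates) also need their own ACCEPT ahead of that catch-all; the check only guards the reply path that locked Nick out.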