| 1 |
On 21/05/2013 18:01, Nick Khamis wrote: |
| 2 |
> For testing purposes I changed the ssh rule to: |
| 3 |
> |
| 4 |
> -A TCP -p tcp -m tcp --dport 22 -j ACCEPT |
| 5 |
> -A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP |
| 6 |
> |
| 7 |
> And still no go. As mentioned before, everything works fine until I |
| 8 |
> try to close up the rest of the ports not opened up in the chains |
| 9 |
> "UDP" and "TCP" stated above: |
| 10 |
> |
| 11 |
> #echo -e " - Dropping input TCP and UDP traffic to closed ports" |
| 12 |
> -A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst |
| 13 |
> -A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable |
| 14 |
> |
| 15 |
> #echo -e " - Dropping output TCP and UDP traffic to closed ports" |
| 16 |
> -A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst |
| 17 |
> -A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable |
| 18 |
> |
| 19 |
> #echo -e " - Dropping input traffic to remaining protocols sent |
| 20 |
> to closed ports" |
| 21 |
> -A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable |
| 22 |
> |
| 23 |
> #echo -e " - Dropping output traffic to remaining protocols sent |
| 24 |
> to closed ports" |
| 25 |
> -A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable |
| 26 |
> |
| 27 |
> That is when I cannot SSH over to the server. |
| 28 |
|
| 29 |
|
| 30 |
Now you are feeling the pain. |
| 31 |
|
| 32 |
Drive to where the router is and fix it on the console then put |
| 33 |
conntrack back. |
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
-- |
| 38 |
Alan McKinnon |
| 39 |
alan.mckinnon@×××××.com |
Archives