This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Re: Packet Filter Bug

There seems to be a bug (whether by design or not) in the packet filter rules.

http://www.alexpimperton.co.uk/pictures/pf.jpg is a screenshot of my packet filter rules.

As you can see, I am only permitting a few protocols out of my LAN (INT) to the internet (EXT) and SSH is not one of them. My workstation is not the Server01 named in the rules either.

However, I can still access external SSH servers.

I have the HTTP and DNS proxies switched on, but not the SOCKS proxy.

Anybody have any idea what's going on?

This thread was automatically locked due to age.

Parents

0 Manctastic over 21 years ago

Just to follow up on my own post it seems that if you enable SSH access to the firewall, it adds a packet filter rule that allows SSH traffic from whatever range you have specified to any host, not just the firewall.

Not sure if this is by design, can any one from astaro comment?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Manctastic over 21 years ago

Just to follow up on my own post it seems that if you enable SSH access to the firewall, it adds a packet filter rule that allows SSH traffic from whatever range you have specified to any host, not just the firewall.

Not sure if this is by design, can any one from astaro comment?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 SecApp over 21 years ago in reply to Manctastic

I don't think that's by design...
Cancel
Vote Up 0 Vote Down

Cancel
0 anonymous_02 over 21 years ago in reply to Manctastic

Hi Manctastic,

the ssh rule is placed in the input chain. Therefore it matches only traffic to the firewall.

greetings

Anonymous
Cancel
Vote Up 0 Vote Down

Cancel