Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 900 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Re: Packet Filter Bug

Manctastic
There seems to be a bug (whether by design or not) in the packet filter rules.

http://www.alexpimperton.co.uk/pictures/pf.jpg is a screenshot of my packet filter rules.

As you can see, I am only permitting a few protocols out of my LAN (INT) to the internet (EXT) and SSH is not one of them. My workstation is not the Server01 named in the rules either. 

However, I can still access external SSH servers.

I have the HTTP and DNS proxies switched on, but not the SOCKS proxy.

Anybody have any idea what's going on?


This thread was automatically locked due to age.
Parents
  • 0
    Hi Manctastic,

    your ruleset looks good.
    Could you please have a look at  
    "Packet Filter >> Advanced >> System Information >> Current System Packet Filter Rules".  Maybe you find the responsible rule. 

    "USR_FORWARD" and "AUTO_FORWARD" may be the most interesting chains.

    Maybe one of your service definitions include the ssh ports?

    Anonymous
  • 0 in reply to anonymous_02
    The rule that appears is this:

    Chain AUTO_INPUT (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 ACCEPT     tcp  --  *      *       192.168.2.0/24       0.0.0.0/0           tcp spts:1:65535 dpt:22 
        0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1:65535 dpt:22 

    (sorry if it doesn't format right)

    If i switch SSH acccess to the firewall off, the rule disappears.
  • 0 in reply to Manctastic
    Mantastic,

    this is a INPUT chain. Forwarded traffic (e.g. to the internet) is not matched by that rule, so 0.0.0.0/0 destination is equivalent to the firewalls interface ip.
Reply Children
No Data