sshd and my firewall (ipf)
Marvin Bellamy
Marvin.Bellamy at innovision.com
Thu May 16 18:24:52 CDT 2002
I hope this makes it to the list. I just closed my work account until I
can reopen it from my home email account. I'm trying to open up my
firewall to ssh clients on the public internet. However, one of the
following rules blocks ssh sessions:
block return-rst in on ep0 proto tcp from any to any flags S/SA
block return-rst in on ep0 proto tcp from any to any port=auth flags S/SA
Even adding these rules, it continues to drop ssh packets:
pass in on ep0 proto tcp from any to 0/32 port = ssh flags S/SA keep state
pass in on ep0 proto udp from any to 0/32 port = ssh
Admittedly, I based my firewall rules off of templates, but these
filtering rules seem to be pretty important. And, without them I don't
get to see a lot of the scanning from public sources.
***
Question #2, what do other users do with the IPs you see in scans of
your system?
More information about the Kclug
mailing list