by Vinod Gup » Fri, 27 Sep 2002 22:09:13
I have confugured ipchains to reject any connection to my ssh port from all
networks except a few which I normally use. My syslog shows messages from
sshd that some connect attempts were made and rejected by sshd from clients
outside the allowed networks. Why wouldn't ipchains block all such packets
before application layer?
Vinod.
by Ange » Fri, 27 Sep 2002 22:38:19
> I have confugured ipchains to reject any connection to my ssh port from all
> networks except a few which I normally use. My syslog shows messages from
> sshd that some connect attempts were made and rejected by sshd from clients
> outside the allowed networks. Why wouldn't ipchains block all such packets
> before application layer?
> Vinod.
Check none of your rules above it in the chain are also matching and
accepting.
by Lafage, Guillaume [CTF:4907:EXCH » Fri, 27 Sep 2002 22:57:01
> > I have confugured ipchains to reject any connection to my ssh port from all
> > networks except a few which I normally use. My syslog shows messages from
> > sshd that some connect attempts were made and rejected by sshd from clients
> > outside the allowed networks. Why wouldn't ipchains block all such packets
> > before application layer?
> > Vinod.
> perhaps you have an accept rule above it in the chain or perhaps your
> deny rule hasn't been specified correctly.
> Check none of your rules above it in the chain are also matching and
> accepting.
Guillaume.
by Ange » Fri, 27 Sep 2002 23:15:15
>>>I have RH7.2 with ipchains-1.3.10-10 on Intel box.
>>>I have confugured ipchains to reject any connection to my ssh port from all
>>>networks except a few which I normally use. My syslog shows messages from
>>>sshd that some connect attempts were made and rejected by sshd from clients
>>>outside the allowed networks. Why wouldn't ipchains block all such packets
>>>before application layer?
>>>Vinod.
>>perhaps you have an accept rule above it in the chain or perhaps your
>>deny rule hasn't been specified correctly.
>>Check none of your rules above it in the chain are also matching and
>>accepting.
> To check this you might add a debug rule.
> Guillaume.
1. 98 -> Linux -> internet ipchains worked so well
kerenel 2.2.9
NT -> Linux -> internet ipchains doesn't, what gives?
TIA.
2. Need help with resetting NIS+ user passwds
4. SSRT2316 Sec. Vulnerability in DNS and resolver lib's (rev.11)
5. ANNOYING > ipchains works fine AFTER I log in and ping my internal network!
6. HELP !!!
7. Why does logging make ipchains work?
8. Restricted Shell in Linux Boxes???
9. ipchains works for masq, iptables does not
10. masq: Asheron's Call. ipchains works, iptables does not
11. ipchains-save, ipchains-restore (and WINS)
12. ipchains: command not found - only sometimes (ipchains newbie)
13. ipchains log analysis tool (ipchains-db.pl)