Ludwig Nussel wrote:
Otto Rodusek (AP-SGP) wrote:
Ludwig Nussel wrote:
Otto Rodusek (AP-SGP) wrote:
Check the output of
SuSEfirewall2 status
I did as you requested and got LOTS of output (I've attached it here in gz format - hope I didn't break any netiquette) but I'm not sure what to look for!!?? Sorry, I'm not too expert in iptables!! Thanks and rgds. Otto.
There are lots and lots of drop rules for individual IP addresses in the INPUT chain. Then a drop rule that unconditionally drops everything follows. So in theory you won't receive any traffic. Where does that come from? Looks like some script running out of control.
eth1 is your internal interface and eth0 the external one. Most traffic is on the internal one.
You have FW_SERVICES_EXT_TCP=22 and FW_SERVICES_ACCEPT_EXT also set. Since rules for FW_SERVICES_EXT_TCP are installed first, the latter rules never match. => Remove ports from FW_SERVICES_EXT_TCP that are also covered by FW_SERVICES_ACCEPT_EXT.
cu Ludwig
Hi Ludwig,
Thanks for your follow-up and explanation - I have removed port 22 on the line with FW_SERVICES_EXT_TCP=22 (which comes well before the next code) and set up FW_SERVICES_ACCEPT_EXT as per the doc - so will monitor to see if I now get 3 sshd logins per 60 seconds from same IP.
Yes, you are correct - eth0 is my external and eth1 is the internal. The numerous drops are a result of a perl script I run that tails the log file and sets an IP rule for "not allowed logins" after 3 chances - so that part is correct. I am in the process of changing that part of the perl code to instead write to hosts.deny to simplify the iptables.
Again, much thanks for your helpful hints. Best regards. Otto.
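Added example, not part of the original thread: a shell check for the conflict Ludwig describes, listing TCP ports that appear in FW_SERVICES_EXT_TCP and are also covered by a tcp entry in FW_SERVICES_ACCEPT_EXT. The function name `overlapping_ports` and the sample values are constructed for illustration; ports are compared literally, so service names and port ranges are not resolved.

```shell
#!/bin/sh
# Added example (not from the thread). Reports ports that are opened
# unconditionally via FW_SERVICES_EXT_TCP and therefore never reach the
# rate-limited rule configured for them in FW_SERVICES_ACCEPT_EXT.
# The config file is shell syntax and is sourced in a subshell, so only
# point this at a configuration file you trust.

# overlapping_ports FILE -> prints one conflicting port per line
overlapping_ports() (
    case $1 in */*) conf=$1 ;; *) conf=./$1 ;; esac
    FW_SERVICES_EXT_TCP=
    FW_SERVICES_ACCEPT_EXT=
    . "$conf" || exit 2
    # Each entry is "net,protocol,dport,sport,options..."
    for entry in $FW_SERVICES_ACCEPT_EXT; do
        proto=$(printf '%s' "$entry" | cut -d, -f2)
        dport=$(printf '%s' "$entry" | cut -d, -f3)
        [ "$proto" = tcp ] || continue
        [ -n "$dport" ] || continue
        for port in $FW_SERVICES_EXT_TCP; do
            if [ "$port" = "$dport" ]; then
                printf '%s\n' "$port"
            fi
        done
    done
    exit 0
)

# Constructed sample: port 22 is in both variables (the situation in the
# thread); port 80 is added here only to show a non-conflicting entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_SERVICES_EXT_TCP="22 80"
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
EOF
for p in $(overlapping_ports "$sample"); do
    echo "port $p: remove from FW_SERVICES_EXT_TCP so the ACCEPT_EXT rule can match"
done
rm -f "$sample"
```

On a real system the file to check would be the SuSEfirewall2 sysconfig file; an empty result means no literal overlap was found.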