OK, let me provide more info.

 

As I discovered, using a rule like the following:

 

DNAT       net  fw:$FW_LAN_side:22      tcp     7805

 

did not prevent an attacker from going through my Shorewall firewall by
issuing a command equivalent to the following:

 

wget
"http://<IP-addr>:7805/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3
D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_incl
ude%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/pa
sswd%00%20-n HTTP/1.1" 302 527 "-" "curl/7.19.4 (i386-redhat-linux-gnu)
libcurl/7.19.4 NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18"

 

as I could discover in the /var/log/access.log log file. 

Hence my question about whether there is a feature that allows a port to be
associated with a specific process running on the firewall.

In this case, for instance, dedicating port 7805 to the sshd process.

 

Thanks for your help,

 

Costa

 

From: Costantino [mailto:watchs...@yahoo.co.uk] 
Sent: 08 January 2013 12:03
To: 'Shorewall Users'
Subject: [Shorewall-users] constraint port access to specific application

 

Following the discovery of an HTTP scanning attempt on a port on my firewall
that I intended to dedicate to SSH access, I've come to realise that I
didn't know how to use Shorewall to constrain port access to a specific
application of my choice.

A quick search on the Internet did not provide me with enough hints to let
me be self-reliant in my learning, hence my request for help in order to
plug the hole as soon as possible.

 

First of all, (a) is there such a feature in Shorewall and (b) if yes, is
there a manual that teaches how to use it?

Alternatively, what other options are left to me?

 

Thanks for advising me.

 

Costa
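The /var/log/access.log entry quoted in the reply above is in the Apache/nginx "combined" log format, and a web server (not sshd) answered it with a 302. As an added example that is not part of this thread, the following Python parses such lines and flags the php-cgi style option injection, path traversal and null-byte patterns visible in that entry; the log lines it runs on are constructed samples, not the poster's log.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (not taken from the original post).
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jan/2013:11:52:10 +0000] "GET /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../etc/passwd%00 HTTP/1.1" 302 527 "-" "curl/7.19.4"
198.51.100.7 - - [08/Jan/2013:11:53:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# One regex for the whole combined log line: client, timestamp, request line, status, size, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Patterns are matched against the URL-decoded request target, so %20 / %3D / %00 are normalised first.
SUSPICIOUS = [
    # "?-d name=value" : interpreter command-line options smuggled through the query string
    ("php-cgi-option-injection", re.compile(r'(?:^|[?\s])-d\s+\w+=')),
    # two or more "../" segments : directory traversal towards files outside the web root
    ("path-traversal", re.compile(r'(?:\.\./){2,}')),
    # embedded NUL : classic string-termination trick against C-based path handling
    ("null-byte", re.compile(r'\x00')),
]


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["decoded_target"] = unquote_plus(rec["target"])  # "+" and %XX -> literal characters
    return rec


def classify(rec):
    """Names of the suspicious patterns present in the decoded request target, in list order."""
    return [name for name, rx in SUSPICIOUS if rx.search(rec["decoded_target"])]


def scan(log_text):
    """Walk a log, returning (client_ip, status, [pattern names]) for each flagged request."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if tags:
            alerts.append((rec["ip"], rec["status"], tags))
    return alerts
```

The status and size fields of a flagged line tell you which listener actually answered the request, which is the first thing to check when a port you believed was reserved for one daemon shows up in a web server's access log.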

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users