OK, let me provide more info.
As I discovered, using a rule like the following: DNAT net fw:$FW_LAN_side:22 tcp 7805 did not prevent an attacker from going through my Shorewall firewall by issuing a command equivalent to the following: wget "http://<IP-addr>:7805/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3 D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_incl ude%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/pa sswd%00%20-n HTTP/1.1" 302 527 "-" "curl/7.19.4 (i386-redhat-linux-gnu) libcurl/7.19.4 NSS/3.12.2.0 zlib/1.2.3 libidn/0.6.14 libssh2/0.18" as I could discover in the /var/log/access.log log file. Hence my question about whether there is a feature that allows to associate a port to a specific process running on the firewall. In this case, for instance, dedicating port 7805 to process sshd. Thanks for your help, Costa From: Costantino [mailto:watchs...@yahoo.co.uk] Sent: 08 January 2013 12:03 To: 'Shorewall Users' Subject: [Shorewall-users] constraint port access to specific application Following the discovery of an http scanning attempt on a port on my firewall that I intended dedicated to ssh access use, I've come to realise that I didn't know how to use Shorewall to constraint port access to specific application of my choice. A quick search on the Internet did not provide me with hints enough to let me be self reliant in my learning, hence my request for help in order to plug the hole as soon as possible. First of all (a) is there such a feature in Shorewall and (b) if yes, is there a manual that teach how to use it? Alternatively, what other options are left to me? Thanks for advising me. Costa
------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
