Hi friends,

On Debian Jessie,
I've configured ProFTPD to connect by TLS (SSLv3 TLSv1 -> Let's Encrypt certificate) on port 2222, but with Shorewall up, it DROPs the connection:



Aug 8 18:50:10 server kernel: [16438563.572121] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=132.142.22.10 DST=44.320.032.111 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=63283 DF PROTO=TCP SPT=33175 DPT=55298 WINDOW=29200 RES=0x00 SYN URGP=0


My rules.conf:

                                                        PORT    PORT(S)         DEST            LIMIT           GROUP
?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

Invalid(DROP)  net              $FW             tcp

Ping(DROP)      net             $FW

ACCEPT          $FW             net             icmp

Web(ACCEPT)     net             $FW
ACCEPT          net             $FW             tcp             443 #HTTPS
ACCEPT          net             $FW             tcp             60319 #SSH
ACCEPT          net             $FW             tcp             587 #SUBMISSION SERVICE DOVECOT
ACCEPT          net             $FW             tcp             995 #SUBMISSION SERVICE DOVECOT SSL/TSL
ACCEPT          net             $FW             tcp             993 #SUBMISSION SERVICE DOVECOT SSL/TSL
ACCEPT          net             $FW             tcp             110 #SUBMISSION SERVICE DOVECOT STARTTLS
ACCEPT          net             $FW             tcp             143 #DOVECOT POSTFIX
ACCEPT          net             $FW             tcp             25 #POSTFIX
ACCEPT          net             $FW             tcp             21 #PROFTP
ACCEPT          net             $FW             tcp             22 #PROSFTP
SSH(ACCEPT)     net             $FW             tcp             2222  #PROSFTP



Now I'm wondering where the problem is.

I have Fail2ban installed too, and I've already clarified on its ML that this is not a problem that concerns F2B.


Thanks to all those who want to help me better understand this issue!

Davide
Italy

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
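
Added example, not part of the original post: a Python check that parses the Shorewall log line quoted above and compares its destination port with the ports named in the posted rules. The function names are assumptions of this example, and the rule list is transcribed from the post with most comments trimmed.

```python
import re

# Log line and rules copied from the post (addresses exactly as posted).
LOG_LINE = ("Aug 8 18:50:10 server kernel: [16438563.572121] "
            "Shorewall:net-fw:DROP:IN=eth0 OUT= "
            "MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=132.142.22.10 "
            "DST=44.320.032.111 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=63283 DF "
            "PROTO=TCP SPT=33175 DPT=55298 WINDOW=29200 RES=0x00 SYN URGP=0")
RULES = """\
Web(ACCEPT)     net  $FW
ACCEPT          net  $FW  tcp  443    #HTTPS
ACCEPT          net  $FW  tcp  60319  #SSH
ACCEPT          net  $FW  tcp  587
ACCEPT          net  $FW  tcp  995
ACCEPT          net  $FW  tcp  993
ACCEPT          net  $FW  tcp  110
ACCEPT          net  $FW  tcp  143
ACCEPT          net  $FW  tcp  25
ACCEPT          net  $FW  tcp  21     #PROFTP
ACCEPT          net  $FW  tcp  22
SSH(ACCEPT)     net  $FW  tcp  2222   #PROSFTP
"""

def parse_drop(line):
    """Return chain, verdict and KEY=value fields of a Shorewall log line."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)", line)
    if m is None:
        raise ValueError("not a Shorewall log line")
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", m.group(3)))
    return {"chain": m.group(1), "verdict": m.group(2), **fields}

def explicit_ports(rules, src="net", dst="$FW", proto="tcp"):
    """Ports named explicitly in ACCEPT rules for src -> dst."""
    # Assumption of this example: a macro line that names a port (the
    # SSH(ACCEPT) ... 2222 line) opens that port; macro lines without a
    # port column (Web(ACCEPT)) are skipped.
    ports = set()
    for raw in rules.splitlines():
        cols = raw.split("#", 1)[0].split()
        accept = bool(cols) and (cols[0] == "ACCEPT" or cols[0].endswith("(ACCEPT)"))
        if accept and len(cols) >= 5 and cols[1:4] == [src, dst, proto] and cols[4].isdigit():
            ports.add(int(cols[4]))
    return ports

def dropped_port_status(line, rules):
    """Return (destination port, True if an explicit rule names it)."""
    event = parse_drop(line)
    dport = int(event["DPT"])
    return dport, dport in explicit_ports(rules)

if __name__ == "__main__":
    dport, covered = dropped_port_status(LOG_LINE, RULES)
    print(f"dropped SYN to tcp/{dport}; named in an explicit rule: {covered}")
```

The logged SYN is addressed to tcp/55298, which none of the posted rules names, rather than to 2222. FTP over TLS commonly opens separate data connections on high ports that a firewall cannot follow through the encrypted control channel; whether that applies here is an assumption, since the post does not include the ProFTPD configuration.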