On 2020.03.11 at 18:36, Erich Titl wrote:
> Have you tested this with traffic from another country? In my case the
> DROP rule is applied incorrectly, e.g. all the time. The same would
> probably be true for an ALLOW rule.

I suppose there should be no difference between the two approaches.
It shouldn't matter whether you allow the one you need with a rules
entry and then DROP the others in the policy, or do it the opposite way.
To be honest, I tested my Shorewall rules by blocking SSH traffic from
China. Namely, when I opened port tcp/22 to the world for some days, I
had plenty of /var/log/secure entries for login attempts just from IPs
located in China. My fail2ban daemon banned many such IPs. To be sure, I
checked these IPs with the whois program. I ask you: is it just a
coincidence that most of the brute-force login attempts come from China?
After that I blocked China for all traffic as well; I simply added CN to
the blrules, including outbound NATed traffic too. Since then I have had
no issues with unauthorized logins.

Best regards,
Witek