Hi,

If I comment out

#REJECT  net     fw      tcp     8123


This port is permanently open, whichever of 1600 or 1599 I knock.


JF Bogaerts
------------------------------------------------------------------------
On 5/12/21 18:22, Justin Pryzby wrote:
On Sun, Dec 05, 2021 at 05:50:44PM +0100, Jean-Francois Bogaerts wrote:
Using command "shorewall show events" I can see the event was triggered but
the relevant port action is not taken into account

From the log I can see ACCEPT and REJECT actions
Dec  5 17:22:46 nltsystem1 kernel: [436257.294886] SSHKnock ACCEPT IN=eth1 OUT= 
MAC=00:1e:10:1f:00:00:00:10:20:30:40:50:08:00 SRC=95.182.129.33 
DST=192.168.8.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8083 DF PROTO=TCP 
SPT=48364 DPT=1600 WINDOW=64240 RES=0x00 SYN URGP=0
Dec  5 17:22:57 nltsystem1 kernel: [436268.464919] SSHKnock REJECT IN=eth1 OUT= 
MAC=00:1e:10:1f:00:00:00:10:20:30:40:50:08:00 SRC=95.182.129.33 
DST=192.168.8.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7950 DF PROTO=TCP 
SPT=39338 DPT=1599 WINDOW=64240 RES=0x00 SYN URGP=0
I'm using the bare sample except that I want to open or close TCP port 8123
REJECT  net     fw      tcp     8123
SSHKnock:info   net               fw            tcp 8123,1599-1601
The first rule is hit first, so you're always rejecting 8123, rather than
conditionally allowing it.
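Justin's first-match point, as an added simulation that is not code from the thread or from Shorewall: it evaluates the two rules in the order posted and in the reverse order, under assumed knock semantics (a knock on 1600 opens 8123 for that source, a knock on 1599 or 1601 closes it, and the SSHKnock action rejects 8123 when no knock is open; all assumptions, not Shorewall's actual action file).

```python
# Added illustration (not from the thread, not Shorewall code): first-match
# simulation of the two rule orders discussed above. Assumed knock semantics,
# taken from the thread's description: a knock on 1600 opens 8123 for that
# source, a knock on 1599 or 1601 closes it, and SSHKnock rejects 8123 for a
# source with no open knock. Shorewall's event timers are not modelled.

KNOCK_OPEN = {1600}
KNOCK_CLOSE = {1599, 1601}
PROTECTED = 8123

def sshknock(state, src, dport):
    """Model of the SSHKnock action; returns a verdict, or None when no match."""
    if dport in KNOCK_OPEN:
        state.add(src)
        return "ACCEPT"
    if dport in KNOCK_CLOSE:
        state.discard(src)
        return "REJECT"
    if dport == PROTECTED:
        return "ACCEPT" if src in state else "REJECT"
    return None

def reject_8123(state, src, dport):
    """Model of the plain 'REJECT net fw tcp 8123' rule."""
    return "REJECT" if dport == PROTECTED else None

def evaluate(rules, state, src, dport):
    """First matching rule wins, which is the point made in the reply."""
    for rule in rules:
        verdict = rule(state, src, dport)
        if verdict is not None:
            return verdict
    return "POLICY"  # nothing matched; the zone policy would decide

def run(rules, packets):
    """Feed (src, dport) packets through the rule list and collect the verdicts."""
    state = set()  # sources that currently hold an open knock
    return [evaluate(rules, state, src, dport) for src, dport in packets]

AS_POSTED = [reject_8123, sshknock]    # order shown in the thread
KNOCK_FIRST = [sshknock, reject_8123]  # knock action evaluated before the REJECT

# Constructed packet trace using documentation addresses, not the thread's log.
SRC, OTHER = "203.0.113.5", "203.0.113.9"
TRACE = [(SRC, 8123), (SRC, 1600), (SRC, 8123), (OTHER, 8123), (SRC, 1599), (SRC, 8123)]

if __name__ == "__main__":
    print("as posted  :", run(AS_POSTED, TRACE))
    print("knock first:", run(KNOCK_FIRST, TRACE))
```

With the REJECT rule first, 8123 is rejected on every packet even after a successful knock; with the knock action first, only the source that knocked on 1600 reaches 8123, and only until it knocks on 1599.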


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users