search for: allowssh

Please consider adding the following features to sshd: 1. AlwaysDenyLogin - a setting that will result in always denying login regardless of the credentials given by the client. 2. LoginDelayTime - to specify a delay in milliseconds before the server responds to a client's login attempt. These would help to employ brute force bots. Regards

...e internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH net fw I have setup the "two interface example" with modifications: Eth1 is the interface connected to adsl (ppp0) and eth0 the interface connected to LAN. (I tried the connections from the internet (job) + I used web services that check a firewall for open ports http://pro...

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list

...rst rest + ''['' xAllowFTP = xINCLUDE '']'' + echo ''AllowFTP #Accept FTP'' + read first rest + ''['' xAllowDNS = xINCLUDE '']'' + echo ''AllowDNS #Accept DNS'' + read first rest + ''['' xAllowSSH = xINCLUDE '']'' + echo ''AllowSSH #Accept SSH'' + read first rest + ''['' xAllowWeb = xINCLUDE '']'' + echo ''AllowWeb #Allow Web Browsing'' + read first rest + ''['' xAllowSMB = xINCLUDE '']...

I''m showing some wierd open ports, considering I only have two allow rules: AllowSSH & AllowAuth neverneverland:/# nmap localhost Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-17 23:49 CDT Interesting ports on neverneverland (127.0.0.1): (The 1656 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 9/tcp open discard 13/tcp...

Believe me: Read the FAQ Checked over and over This might be toooooo stupid to be documented. Please bear with me. Any help ? Situation: single card standalone "firewall" (used like a "personal firewall"). Have sshd running on the FW. Want the sshd daemon to be accessible only from 2 LANs: 1) My other home LAN machine 2) IBM intranet machines (9.0.0.0) Whatever I have

...hroom and our internal network. Basically nothing should be allowed into the techroom and only a limited amount of traffic is to leave the techroom. Below are a few log entries I looking to get explained. DHCP is handled by the firewall, DNS is handled by servers side our techroom. my rules file AllowSSH all fw AllowDNS all net:10.1.1.159,10.1.1.160 AllowFTP loc net AllowWeb loc net AllowPOP3 loc net AllowSMTP loc net:172.16.35.10,172.16.35.33 AllowSMB loc net:10.1.1.159,10.1.1.160 my policy file loc all...

...icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 Chain AllowSMTP (4 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 Chain AllowSSH (7 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 Chain AllowWeb (9 references) pkts bytes target prot opt in out source d...

...r ACCEPT fw ogo ACCEPT all all DROP - providers: SVR 1 1 main eth1 IP.OF.SVR.GW track (?) eth0 OGO 2 2 main eth2 IP.OF.OGO.GW track (?) eth0 - zones: svr svr svr ogo ogo ogo loc loc loc - rules: AllowPing svr fw AllowSSH svr fw AllowFTP svr fw AllowSMTP svr fw AllowPing ogo fw AllowSSH ogo fw AllowFTP ogo fw AllowSMTP ogo fw So, the main Q is: if I use PBR via "ip route" command from the script, will the above files do exactly what I want? I think, no :-). Any h...

...n.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pre-processing /usr/share/shorewall/action.AllowSMTP... Pre-processing /usr/share/shorewall/action.AllowPOP3.....

This rule with a long name and logging: AllowInternetPrintingProtocol:debug causes this iptables error: Processing /etc/shorewall/rules... Rule "AllowSSH:info net fw" added. Rule "AllowPing:info net fw" added. Rule "AllowWeb:debug net fw" added. iptables v1.2.9: Maximum prefix length 29 for --log-prefix Try `iptables -h'' or ''iptables --help'' for more information. Fixing this...

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja

...es: ACCEPT  loc     net:192.168.1.1,192.168.1.249,192.168.1.250 ACCEPT  net:192.168.1.1,192.168.1.249,192.168.1.250     loc ACCEPT  loc     net     tcp     smtp ACCEPT  loc     net     tcp     http ACCEPT  loc     net     tcp     ftp AllowPing       loc     net ACCEPT  loc     net     tcp     pop3 AllowSSH        loc     fw AllowSSH        net     fw AllowPing       loc     fw AllowPing       fw      loc AllowPing       fw      net ACCEPT          net:192.168.1.248,192.168.1.249,192.168.1.250   fw AllowSMB        loc     net AllowSMB        net     loc AllowSMB        net     fw AllowSMB        loc  ...

I''m running a Fedora Core 1 Samba server and Shorewall 2.0.1 Connections to Samba shares from both loc hosts and the fw host are usually impossible, unless I boot the Server and connect a loc machine to a Samba share before starting Shorewall. This requires manually toggling the startup_disabled filename and starting Shorewall manually after each boot. I used the two-interface

...################################################ #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT GROUP ACCEPT net fw icmp 8 ACCEPT fw net icmp AllowSSH net:208.181.211.253,216.232.104.112 fw AllowWeb net fw AllowSMTP net fw AllowNTP net fw #IRLP ports ACCEPT net fw tcp 15425:15427 ACCEPT net fw udp 2074:2093 #TNOS ports ACCEPT net fw udp 53...

...n.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pre-processing /usr/share/shorewall/action.AllowSMTP... Pre-processing /usr/share/shorewall/action.AllowPOP3.....

...action.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pre-processing /usr/share/shorewall/action.AllowSMTP... Pre-processing /usr/share/shorewall/action.AllowPOP3......

...hare/shorewall/action.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pre-processing /usr/share/shorewall/action.AllowSMTP... Pre-processing /usr/share/shorewall/action.AllowPOP3... Pre-processing /us...

Hello, all. I''ve been trying to get shorewall to get LISa working on my Gentoo box. It works as long as I have shorewall turned off, but whenever I turn it on, it seems to block all LISa activity. I have TCP port 7741 opened (as per lisa-home.sourceforge.net), and nmap says it''s open. Ethereal indicates that LISa is communicating via TCP port 7741, from 127.0.0.1 to