Displaying 2 results from an estimated 2 matches for "filter_in_public_allow".
2023 Jun 11
0
Minimize sshd log clutter/spam from unauthenticated connections
...> #!/bin/sh
>
> # Syntax: $0 SRC_IP PORT
>
> NFT="/usr/sbin/nft"
> SET="fwkn"
> # Note that we are ignoring everything from the accepted fwknop
> # requests except the src IP and tgt port to be allowed ...
>
> PREP=`$NFT list chain inet firewalld filter_IN_public_allow | grep -c "@${SET}_$2"`
>
> if [ $PREP -eq 0 ]; then
> $NFT add set inet firewalld "${SET}_$2" '{ type ipv4_addr ; timeout 30s ; size 32 ; }'
> $NFT add rule inet firewalld filter_IN_public_allow ip saddr "@${SET}_$2" tcp dport "...
2020 Nov 15
1
[Bug 1482] New: adjacent /31 IPs in ipset
...set larcs4 {
type ipv4_addr
flags interval
elements = { ...,
82.152.159.40, 82.152.159.41,
... }
}
The membership of the ipset is used to allow access to 5071/tcp
chain filter_IN_public_allow {
ip saddr @larcs4 tcp dport 5071 ct state { new, untracked } accept
}
In this scenario, packets from the earlier IP are accepted,
however, packets from the latter IP are rejected.
15:15:58.658139 IP 82.152.159.41.48327 > 51.195.193.238.5071: Flags [S], seq 3108250724,...