[Solved] Why do I see ssh warnings for traffic that should be firewalled?
I have a firewall with SSH access allowed on the WAN, but only for a limited set of hosts that are defined as alias. I upgraded it to 2.4.4_1 a few days ago and now I see a bunch of log messages that don't seem right:
Here are my firewall rules on the WAN:
I don't think the IP I highlighted in the log should even be allowed to hit the SSH daemon. It's not in my
Admin_Hostsaliases. Can anyone explain why that IP is even allowed to make an attempt?
Are you running an IDS like Snort, Suricata or pfBlockerNG?
@KOM No, but, after comparing it to similar configs, I tracked it down to a floating firewall rule (used for traffic shaping) that had a
Passaction instead of a