Netgate Discussion Forum

[Solved] Why do I see ssh warnings for traffic that should be firewalled?

    ryan87
    last edited by ryan87 Jan 9, 2019, 5:50 AM Jan 8, 2019, 11:56 PM

    I have a firewall with SSH access allowed on the WAN, but only for a limited set of hosts that are defined as an alias. I upgraded it to 2.4.4_1 a few days ago and now I see a bunch of log messages that don't seem right:

    logs

    Here are my firewall rules on the WAN:

    wan-rules

    I don't think the IP I highlighted in the log should even be allowed to hit the SSH daemon. It's not in my Admin_Hosts aliases. Can anyone explain why that IP is even allowed to make an attempt?

      KOM
      last edited by Jan 9, 2019, 12:54 AM

      Are you running an IDS like Snort, Suricata or pfBlockerNG?

        ryan87
        last edited by Jan 9, 2019, 5:50 AM

        @KOM No, but, after comparing it to similar configs, I tracked it down to a floating firewall rule (used for traffic shaping) that had a Pass action instead of a Match action.

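A check for the misconfiguration identified in the last post, added here as an example and not posted by anyone in the thread: it scans a configuration backup for enabled floating rules that assign a traffic-shaping queue but use the Pass action instead of Match. The sample XML is constructed, and the element names (`<floating>`, `<type>`, `<quick>`, `<defaultqueue>`, `<disabled>`) are assumed to follow the pfSense `config.xml` `<filter><rule>` layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names are assumed
# to match the <filter><rule> layout of a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><floating>yes</floating>
    <protocol>tcp</protocol><defaultqueue>qOthersLow</defaultqueue>
    <descr>Shape bulk TCP</descr></rule>
  <rule><type>match</type><interface>wan</interface><floating>yes</floating>
    <protocol>udp</protocol><defaultqueue>qVoIP</defaultqueue>
    <descr>Shape VoIP</descr></rule>
  <rule><type>pass</type><interface>wan</interface><floating>yes</floating>
    <disabled></disabled><defaultqueue>qGames</defaultqueue>
    <descr>Old shaper rule</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>Admin_Hosts</address></source>
    <destination><port>22</port></destination>
    <descr>SSH from admin hosts</descr></rule>
</filter></pfsense>"""


def audit_floating_rules(config_xml):
    """Return enabled floating rules that queue traffic with Pass, not Match.

    A Pass rule admits the traffic itself. A Match rule only tags it (for
    example with a queue) and leaves the pass/block decision to other rules.
    """
    findings = []
    root = ET.fromstring(config_xml)
    for rule in root.findall("./filter/rule"):
        if rule.findtext("floating") != "yes":
            continue  # ordinary per-interface rule
        if rule.find("disabled") is not None:
            continue  # disabled rules are not loaded
        queue = (rule.findtext("defaultqueue") or "").strip()
        if rule.findtext("type") == "pass" and queue:
            findings.append({
                "descr": rule.findtext("descr", default=""),
                "interface": rule.findtext("interface", default=""),
                "queue": queue,
                "quick": rule.find("quick") is not None,
            })
    return findings


if __name__ == "__main__":
    for f in audit_floating_rules(SAMPLE_CONFIG):
        print("floating Pass rule used for shaping:", f)
```

Each finding is a rule to review and, if it exists only for shaping, switch to Match so the interface rules alone decide what is allowed in.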