On Fri, Jun 26, 2020 at 6:33 PM Tom Eastep <teas...@shorewall.net> wrote:
>
> The only thing that I see in the dump is that you are dropping TCP 3389
> ESTABLISHED packets not marked with value 0xa; that might be the issue

Well, I don't know how I didn't see that, but yes, I'm sending the
packets to Suricata IPS and that was dropping 3389 because of:

Inbound RDP Connection with TLS Security Protocol Requested

I need to either change the signature action or make sure the RDP
clients don't negotiate (e.g. force RDP or NLA).

Thanks,

Vieri


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
