On Sun, Dec 05, 2021 at 05:50:44PM +0100, Jean-Francois Bogaerts wrote:
> Using command "shorewall show events" I can see the event was triggered but
> the relevant port action is not taken into account
> 
> From the log I can see ACCEPT and REJECT actions
> Dec  5 17:22:46 nltsystem1 kernel: [436257.294886] SSHKnock ACCEPT IN=eth1 
> OUT= MAC=00:1e:10:1f:00:00:00:10:20:30:40:50:08:00 SRC=95.182.129.33 
> DST=192.168.8.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8083 DF PROTO=TCP 
> SPT=48364 DPT=1600 WINDOW=64240 RES=0x00 SYN URGP=0
> Dec  5 17:22:57 nltsystem1 kernel: [436268.464919] SSHKnock REJECT IN=eth1 
> OUT= MAC=00:1e:10:1f:00:00:00:10:20:30:40:50:08:00 SRC=95.182.129.33 
> DST=192.168.8.100 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7950 DF PROTO=TCP 
> SPT=39338 DPT=1599 WINDOW=64240 RES=0x00 SYN URGP=0

> I'm using the bare sample except that I want to open or close TCP port 8123

> REJECT  net     fw      tcp     8123
> SSHKnock:info   net               fw            tcp 8123,1599-1601

The first rule is hit first, so you're always rejecting 8123, rather than
conditionally allowing it.

-- 
Justin
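For reference, here is the posted rules fragment beside a reordered version that honours the knock. This is an added example, not part of the thread; the zone names (`net`, `fw`), the ports and the `SSHKnock` action name are the poster's, and it assumes the unmodified SSHKnock sample action from the Shorewall port-knocking article, whose `Event` entries match only sources that have knocked and otherwise fall through to the next rule (an assumption about that sample, not something the thread states). Shorewall evaluates the rules file top to bottom and the first matching rule decides, so the unconditional REJECT has to come after the conditional action, not before it.

```shorewall
#ACTION          SOURCE   DEST   PROTO   DPORT
# As posted (wrong order): every SYN to 8123 is rejected here, so the
# SSHKnock line below is never reached for that port and a successful
# knock (the ACCEPT seen in "shorewall show events") changes nothing.
# REJECT         net      fw     tcp     8123
# SSHKnock:info  net      fw     tcp     8123,1599-1601

# Reordered: the knock action is consulted first. Sources that knocked
# within the window are accepted; all other traffic to 8123 falls through
# to the REJECT that follows (assumption: the sample SSHKnock action does
# not itself terminate unmatched packets).
SSHKnock:info    net      fw     tcp     8123,1599-1601
REJECT           net      fw     tcp     8123
```

After editing, `shorewall check` validates the configuration and `shorewall reload` applies it; the log prefix `SSHKnock ACCEPT` on a SYN to 8123 from the knocking source, rather than a REJECT, is the sign that the order is now right.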


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users