On Sun, Nov 15, 2009 at 05:32:49PM -0800, Colin Wetherbee wrote:
> Nov 15 15:59:25 lamp kernel: [1220466.684307] vrmr: DROP no SYN IN=eth1
> OUT=eth1 SRC=172.20.40.22 DST=172.20.40.2 LEN=116 TOS=0x10 PREC=0x00 TTL=63
> ID=14380 DF PROTO=TCP SPT=33687 DPT=22 WINDOW=1448 RES=0x00 ACK PSH URGP=0
>
> ... followed by five similar messages, during which SSH was not responding.
I have hacked up a solution to my SSH connection woes. It's by no means
elegant, but it does the job by deleting the LOG and DROP rules that cause the
connections to die.
It's just a matter of discipline to remember to run this script each time I
reset my firewall rules. Fortunately, that's not very often at all.
(I tried writing this script without relying on line numbers, but I became
annoyed with "iptables -D" and gave up.)
#!/bin/zsh
# Force the C locale so iptables prints the fixed English wording that the
# grep below expects; it must be exported to reach the iptables process.
export LC_ALL=C
for chain in INPUT FORWARD OUTPUT
do
    # List the chain with line numbers, keep only the "no SYN" LOG/DROP
    # rules, and delete from the highest line number down so the numbers
    # of the remaining rules do not shift mid-loop. -n skips reverse DNS.
    for line_num in $(iptables -n --line-numbers -L "$chain" |
                      grep -F 'tcp flags:!FIN,SYN,RST,ACK/SYN state NEW' |
                      sort -nr |
                      cut -f 1 -d ' ')
    do
        iptables -D "$chain" "$line_num"
    done
done
Thanks again for your continuing help, Victor.
Colin
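An added example (not part of the list post, and not vuurmuur's own code) of the line-number-free variant Colin mentions giving up on: `iptables -S` prints every rule as `-A <chain> <spec>`, and `iptables -D <chain> <spec>` deletes by that same specification, so rewriting `-A` to `-D` yields a delete command that is valid wherever the rule sits. The ruleset below is a constructed sample assumed to resemble a vuurmuur chain with its "no SYN" LOG and DROP pair; the function names are mine.

```shell
#!/bin/bash
# Constructed sample of `iptables -S` output (not taken from the list post).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 1/sec -j LOG --log-prefix "vrmr: DROP no SYN "
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# The match both the LOG and the DROP rule carry: this is the `-S` spelling
# of the "tcp flags:!FIN,SYN,RST,ACK/SYN state NEW" text seen in `-L` output.
NO_SYN_MATCH='! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW'

# Print one `-D <chain> <spec>` line per matching rule in the given ruleset.
# Order no longer matters, and re-running after the rules are gone is
# harmless: iptables just reports that no such rule exists.
no_syn_delete_cmds() {
    # $1: rules in `iptables -S` format
    printf '%s\n' "$1" |
        grep -F -- "$NO_SYN_MATCH" |
        sed 's/^-A /-D /'
}

# Run each delete command through $2 (default: iptables). xargs parses the
# quotes, so the --log-prefix string stays a single argument.
apply_no_syn_deletes() {
    local rules=$1 cmd=${2:-iptables}
    no_syn_delete_cmds "$rules" | xargs -L 1 "$cmd"
}

# Count the "no SYN" rules still present, to verify a run afterwards.
no_syn_rule_count() {
    printf '%s\n' "$1" | grep -c -F -- "$NO_SYN_MATCH" || true
}
```

As root, `apply_no_syn_deletes "$(iptables -S)"` removes the live rules; pass `echo` as the second argument to print the delete commands instead of running them, and check `no_syn_rule_count "$(iptables -S)"` returns 0 afterwards.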
Vuurmuur-users mailing list
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users