Let's see if I can explain this.
Firewall rules (Incoming port 1. WAN port):
1. allow SSH TCP port 22 from IP xxx.yyy.aaa.bbb
2. Deny all incoming
I also have the basic accept rules for state established and related. Nothing else is allowed incoming on this machine.
Service list for SSH is allow all.
So far so good. When I test from several external IPs nothing happens. I can't get in. That's expected, right?
I can get in from IP xxx.yyy.aaa.bbb and that is OK as well.
BUT.
Every now and then I can see this in the logs:
09:16:18 system,error,critical login failure for user root from aaa.bbb.ccc.ddd via ssh
09:16:22 system,error,critical login failure for user root from aaa.bbb.ccc.ddd via ssh
09:16:26 system,error,critical login failure for user root from aaa.bbb.ccc.ddd via ssh
How the heck can someone get in at all?
Does the IP service list sometimes go before firewall rules and sometimes not? What have I missed? The router itself is freshly installed and this happens.
edit: Some info about the system:
RB750 running at v5.13