Problem with Firewall Rule

Hello everyone,

I have the following rule:

/ip firewall filter
add action=drop chain=forward comment="Deny SFTP traffic to DESTSERVER" dst-address=172.26.0.2 dst-port=22 out-interface=LTE protocol=tcp

Also, this router should exchange banking data with the payment POS. Since I added this rule to block traffic through SSH on that destination IP address, payments are not working properly, and it happens random as hell.

I was wondering if "dst-port=22" in the firewall rule will only block SSH connections for that IP_addr, or whether it will block every other connection as well?
Any ideas?

Thank you!

It will block SSH, but as SFTP runs over an SSH session, it will also block SFTP.

Check the counters when you’re experiencing random application of the rule. The counters will tell you if it’s the rule or something else.

Depends on what other rules are in effect, their order as well. This rule would block as it says - to this dst IP and this port.
Maybe your banking traffic depends in some step on SSH/port 22 and is not always in effect.
Sometimes things are not as simple as one single TCP connection. As others said, look at the rule’s counter to see if it increments while a banking payment is executing.
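
An added example, not part of any post in this thread and not RouterOS code: a simplified Python model of how the posted rule's matchers combine (all of them must match) and why its packet counter only moves for TCP port 22 traffic to 172.26.0.2 leaving via LTE. The sample flows, including the POS port 443, the second host and the `ether1` interface, are constructed assumptions.

```python
import ipaddress
import shlex

# The rule as posted in the thread (straight quotes).
RULE = ('add action=drop chain=forward comment="Deny SFTP traffic to DESTSERVER" '
        'dst-address=172.26.0.2 dst-port=22 out-interface=LTE protocol=tcp')

NON_MATCHERS = {"action", "chain", "comment"}  # everything else is a match condition

def parse_rule(line):
    """Split an 'add key=value ...' line into action, chain and matchers."""
    props = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
    matchers = {k: v for k, v in props.items() if k not in NON_MATCHERS}
    return {"action": props["action"], "chain": props["chain"],
            "matchers": matchers, "packets": 0}

def field_matches(key, want, pkt):
    if key == "dst-address":  # single address or CIDR prefix
        return ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(want, strict=False)
    return str(pkt[key]) == want  # simplification: exact match only, no lists or ranges

def evaluate(rule, pkt):
    """Return the rule's action only if every matcher matches, else 'no-match'."""
    if pkt["chain"] == rule["chain"] and all(
            field_matches(k, v, pkt) for k, v in rule["matchers"].items()):
        rule["packets"] += 1  # models the per-rule packet counter
        return rule["action"]
    return "no-match"

def flow(dst, port, proto="tcp", out="LTE"):
    return {"chain": "forward", "dst-address": dst, "dst-port": port,
            "protocol": proto, "out-interface": out}

# Constructed sample flows (assumptions, not taken from the thread).
FLOWS = {
    "sftp to DESTSERVER": flow("172.26.0.2", 22),
    "pos payment, tcp/443": flow("172.26.0.2", 443),
    "ssh to another host": flow("172.26.0.9", 22),
    "ssh via another interface": flow("172.26.0.2", 22, out="ether1"),
    "udp/22 to DESTSERVER": flow("172.26.0.2", 22, proto="udp"),
}

def run():
    rule = parse_rule(RULE)
    verdicts = {name: evaluate(rule, pkt) for name, pkt in FLOWS.items()}
    return verdicts, rule["packets"]

if __name__ == "__main__":
    verdicts, hits = run()
    for name, verdict in verdicts.items():
        print(f"{name:28} -> {verdict}")
    print("rule counter:", hits)
```

If the real rule's counter increments while a payment is in progress, part of the payment flow matches all four conditions; if it does not, the cause lies in another rule or elsewhere.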