SSH Downstream Access

amnesicus · March 25, 2012, 5:36am

Someone could explain me what does mean Downstream Access. I’ve found this concept associated to this code to prevent SSH brute access

/ip firewall filter
add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no

It is strange for me that it uses chain=forward instead of chain=input

Salud!

jandafields · March 25, 2012, 7:08pm

amnesicus:

Someone could explain me what does mean Downstream Access. I’ve found this concept associated to this code to prevent SSH brute access
/ip firewall filter
add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no
It is strange for me that it uses chain=forward instead of chain=input

Salud!

Downstream means this: This rule is NOT for the ssh server running on the routeros, but instead it is for an ssh server on another pc when port 22 is FORWARDed to a pc with an SSH server.

amnesicus · March 25, 2012, 9:35pm

Thanks for your answer. Then I suppose downstream access applies to every service which access implies a forward rule, right?

Salud!

jandafields · March 25, 2012, 11:17pm

According to that defination, yes… although I wouldn’t use that word because it isn’t very precise and generally refers to an unrelated ISP terminology. You should refer to it as internal servers or somthing similiar.