Community discussions

MUM Europe 2020
Member Candidate
Member Candidate
Topic Author
Posts: 154
Joined: Mon Jan 31, 2005 7:47 pm

Filter Rules do not block SSH

Sun Dec 10, 2006 12:25 pm

When i add the following rules to my mikrotik. I still can connect to the server with ssh. I have created and interface called 2-4 DMZ. And am dropping everything accept icmp. Why can is still use putty to connect to (CentOS Box)

0 ;;; DMZ Regels
chain=input in-interface=2-4 DMZ dst-address=
protocol=icmp action=accept

1 chain=output out-interface=2-4 DMZ dst-address=
protocol=icmp action=accept

2 chain=output out-interface=2-4 DMZ action=log log-prefix="DMZ"

3 chain=output out-interface=2-4 DMZ action=drop

4 chain=input in-interface=2-4 DMZ action=log log-prefix="DMZ"

5 chain=input in-interface=2-4 DMZ action=drop

6 ;;; DMZ Regels BF2
chain=input dst-address= protocol=udp dst-port=16567

7 chain=output out-interface=2-4 DMZ dst-address= protocol=ud>
dst-port=55123-55125 action=accept
User avatar
Forum Veteran
Forum Veteran
Posts: 888
Joined: Mon Jun 06, 2005 6:48 am

Sun Dec 10, 2006 1:24 pm

Wouldn't you need to use foward not input and output?

I'm not sure
User avatar
Forum Veteran
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Sun Dec 10, 2006 2:09 pm

Exactly. The input and output chains refer to traffic destined for and originating from the router. If you want to block traffic traversing the router then you need to use the forward chain.



Who is online

Users browsing this forum: adxc147, afuchs, FlyRaz and 146 guests