 
raymonvdm
Member Candidate
Topic Author
Posts: 154
Joined: Mon Jan 31, 2005 7:47 pm

Filter Rules do not block SSH

Sun Dec 10, 2006 12:25 pm

When I add the following rules to my MikroTik, I can still connect to the server with SSH. I have created an interface called 2-4 DMZ and am dropping everything except ICMP. Why can I still use PuTTY to connect to 192.168.13.200 (CentOS box)?


0 ;;; DMZ Regels
chain=input in-interface=2-4 DMZ dst-address=192.168.13.250
protocol=icmp action=accept

1 chain=output out-interface=2-4 DMZ dst-address=192.168.13.0/24
protocol=icmp action=accept

2 chain=output out-interface=2-4 DMZ action=log log-prefix="DMZ"

3 chain=output out-interface=2-4 DMZ action=drop

4 chain=input in-interface=2-4 DMZ action=log log-prefix="DMZ"

5 chain=input in-interface=2-4 DMZ action=drop

6 ;;; DMZ Regels BF2
chain=input dst-address=192.168.13.200 protocol=udp dst-port=16567
action=accept

7 chain=output out-interface=2-4 DMZ dst-address=192.168.13.200 protocol=ud>
dst-port=55123-55125 action=accept
 
Equis
Forum Veteran
Posts: 888
Joined: Mon Jun 06, 2005 6:48 am

Sun Dec 10, 2006 1:24 pm

Wouldn't you need to use forward, not input and output?

I'm not sure
 
andrewluck
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Sun Dec 10, 2006 2:09 pm

Exactly. The input and output chains refer to traffic destined for and originating from the router. If you want to block traffic traversing the router then you need to use the forward chain.

Regards

Andrew
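
The fix described in the replies above, written out as RouterOS filter rules for the forward chain. This is an added example, not configuration posted by anyone in the thread; it assumes 192.168.13.250 is the router's own address on "2-4 DMZ" and 192.168.13.200 is the CentOS host behind it, and it leaves out the port range from the truncated rule 7.

```routeros
# Added example (not from the thread).
# Assumptions: 192.168.13.250 = router's address on "2-4 DMZ",
#              192.168.13.200 = CentOS host in the DMZ.
#
# The input/output rules from the original post only cover packets addressed
# to, or generated by, the router itself. An SSH session to 192.168.13.200 is
# routed THROUGH the router, so it is evaluated in chain=forward, where the
# original rule set had no entries and the packet was passed.
#
# Rules are matched top to bottom and the first accept/drop wins, so every
# accept has to sit above the drop for the same direction.

/ip firewall filter

# --- Traffic being routed INTO the DMZ ---
add chain=forward out-interface="2-4 DMZ" dst-address=192.168.13.0/24 \
    protocol=icmp action=accept comment="DMZ Regels: ICMP in"
add chain=forward out-interface="2-4 DMZ" dst-address=192.168.13.200 \
    protocol=udp dst-port=16567 action=accept comment="DMZ Regels BF2"
add chain=forward out-interface="2-4 DMZ" action=log log-prefix="DMZ"
add chain=forward out-interface="2-4 DMZ" action=drop

# --- Traffic being routed OUT OF the DMZ ---
add chain=forward in-interface="2-4 DMZ" protocol=icmp action=accept \
    comment="DMZ Regels: ICMP out"
# Replies from the game server; without this the UDP port above is one-way.
add chain=forward in-interface="2-4 DMZ" src-address=192.168.13.200 \
    protocol=udp src-port=16567 action=accept comment="DMZ Regels BF2 replies"
add chain=forward in-interface="2-4 DMZ" action=log log-prefix="DMZ"
add chain=forward in-interface="2-4 DMZ" action=drop
```

With these in place, an SSH attempt to 192.168.13.200 matches the log rule with the "DMZ" prefix and is then dropped. The original input and output rules can stay as they are; they continue to govern traffic to and from the router itself.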
