Seems I just needed a line added in policy:
sshok           all             CONTINUE

On Saturday, 07 October 2023 at 19:24 -0400, Christophe PEREZ wrote:
> Now that I have finally managed to activate the dynamic zones, I would
> like to be able to use them to allow ssh access to my FW on the fly.
> I only have one interface: eth0
> 
> zones:
> fw              firewall
> net             ipv4
> sshok:net       ipv4            dynamic_shared
> 
> hosts:
> sshok           eth0:dynamic
> 
> policy:
> net             all             DROP    info
> all             all             REJECT  info
> 
> rules:
> SSH(ACCEPT)     net:+sshok              fw
> 
> 
> But my access is REJECTed:
> Oct 8 01:17:20 myfw kernel: [2589.152380] sshok-fw REJECT IN=eth0
> OUT=
> MAC=fa:16:3e:77:ac:2a:2a:9c:dc:33:c6:4b:08: 00 SRC=ssh_client_IP
> DST=fw_ip LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=5951 DF PROTO=TCP
> SPT=29346 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
> 
> What is my mistake please?

-- 
Christophe

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
