X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com [209.85.214.54])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 53BCBDC0413
	for <alpine-devel@lists.alpinelinux.org>; Fri, 13 Apr 2012 06:53:48 +0000 (UTC)
Received: by bkcjc3 with SMTP id jc3so2805731bkc.13
        for <alpine-devel@lists.alpinelinux.org>; Thu, 12 Apr 2012 23:53:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:subject:from:to:date:content-type:x-mailer
         :content-transfer-encoding:mime-version;
        bh=TdHuN2VUggRhk4NK8xeo1wlXiP+2Y3UaDU1KcFO03kA=;
        b=PZdxP/6leDVHd0wMTTmC9VBOw+9IKoI121nm0f1S2lDF+MGY0KstN+8zwFiY+EGpm7
         qttHbaYNWPSmtZ1Wu1FJ8HlkcPg0vi20qQMcumArdUg78vqWyT++MhIXUM2NVMzNVDSx
         /Km/yDJN06Fgl2sa3FQFOSZUh6UYi1iR9IuxpL3SahWjIJFIaV1mZzR+ElhvnhAiVR/G
         jmYvf6njw9wIHzCQuDGUuATc0VhyEenGc7q1YoAIjh+RMWB5xIOHZ+GS1kC5CIR563DH
         6DsVPOSWL7GDEGgmul4jJZlvf60JvwV3eSE6GpQrq8+xmhYfAUUkIWZ1jKADTnf1sGkR
         Tycg==
Received: by 10.204.156.2 with SMTP id u2mr146995bkw.101.1334300026448;
        Thu, 12 Apr 2012 23:53:46 -0700 (PDT)
Received: from [10.44.65.254] (93-57-120-162.ip164.fastwebnet.it. [93.57.120.162])
        by mx.google.com with ESMTPS id cy11sm14816351bkb.7.2012.04.12.23.53.43
        (version=SSLv3 cipher=OTHER);
        Thu, 12 Apr 2012 23:53:45 -0700 (PDT)
Message-ID: <1334300016.25030.15.camel@df1844j>
Subject: [alpine-devel] edge 120403: bug in netfilter?
From: Leonardo <rnalrd@gmail.com>
To: Alpine-devel <alpine-devel@lists.alpinelinux.org>
Date: Fri, 13 Apr 2012 08:53:36 +0200
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.2- 
Content-Transfer-Encoding: 7bit
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0

Hi,

I have an edge box with latest edge snapshot with shorewall installed.
Once logged remotely via ssh I've setup and started Shorewall with the
following rule:

ACCEPT		all		fw		tcp	22

After that, I'm no longer able to establish new ssh connections from any
IP address.

Thinking of a Shorewall issue (hoping to see AWall soon! Thanks kunkku!)
I did "shorewall clear", and I was able to login via ssh again. 

So, instead of Shorewall, I've setup plain iptables rules:

iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT -d $MYIP -p tcp --dport 22 -j ACCEPT

I didn't change the default INPUT policy (ACCEPT). After that, again, I
wasn't able to login via ssh anymore.

Anybody noticed the same issue, or am I missing something obvious?

Thanks

- leonardo




---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---