Date: Fri, 13 Apr 2012 22:15:35 +0200
From: Natanael Copa
To: Leonardo
Cc: Alpine-devel
Subject: Re: [alpine-devel] edge 120403: bug in netfilter?
Message-ID: <20120413221535.16060469@alpinelinux.org>
In-Reply-To: <1334300016.25030.15.camel@df1844j>
References: <1334300016.25030.15.camel@df1844j>

On Fri, 13 Apr 2012 08:53:36 +0200 Leonardo wrote:

> Hi,
>
> I have an edge box with latest edge snapshot with shorewall installed.
> Once logged in remotely via ssh I've set up and started Shorewall with the
> following rule:
>
> ACCEPT all fw tcp 22
>
> After that, I'm no longer able to establish new ssh connections from
> any IP address.
>
> Thinking of a Shorewall issue (hoping to see AWall soon! Thanks
> kunkku!) I did "shorewall clear", and I was able to login via ssh
> again.
>
> So, instead of Shorewall, I've set up plain iptables rules:
>
> iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -I INPUT -d $MYIP -p tcp --dport 22 -j ACCEPT
>
> I didn't change the default INPUT policy (ACCEPT). After that, again,
> I wasn't able to login via ssh anymore.
>
> Anybody noticed the same issue, or am I missing something obvious?

Did you add the interface to any zone?

-nc