Secure Firewall Settings



    Dear friends,

    I am worried about my zeroshell firewall.

    1 hour ago I had an SSH connection to zeroshell on port 22 from Ukraine with a lot of traffic.

    Could someone please help me to harden my firewall?

    I have closed the http/https access from outside now, but this can be only a workaround. SSH is still open – I cannot work without it. SMTP/IMAP have to be open, too (not an open relay!).

    Here are my FW settings

    FORWARD Chain

    Chain FORWARD (policy DROP 5 packets, 300 bytes)
    pkts bytes target prot opt in out source destination
    16410 1944K ACCEPT all -- ETH00 *
    7 572 ACCEPT all -- BOND00 *
    12117 3685K ACCEPT all -- * * state RELATED,ESTABLISHED

    INPUT Chain

    Chain INPUT (policy DROP 1429 packets, 101K bytes)
    pkts bytes target prot opt in out source destination
    63653 12M SYS_GUI all -- * *
    63653 12M SYS_INPUT all -- * *
    27 1236 SYS_HTTPS tcp -- * * tcp dpt:80
    6053 922K SYS_HTTPS tcp -- * * tcp dpt:443
    544 42776 SYS_SSH tcp -- * * tcp dpt:22
    15907 1686K ACCEPT all -- ETH00 *
    1 56 ACCEPT all -- BOND00 *
    8374 733K ACCEPT all -- * * state RELATED,ESTABLISHED
    0 0 Proxy tcp -- * * tcp dpt:55559

    OUTPUT Chain

    Chain OUTPUT (policy ACCEPT 5496 packets, 1712K bytes)
    pkts bytes target prot opt in out source destination
    55505 12M SYS_OUTPUT all -- * *

    Are there any open user accounts with default passwords?
    Is there any other security vulnerability I don’t know about…




    Did you enable ‘login’ and ‘login fail’ events in Monitoring? I hope that there isn’t a bug; afaik Fulvio worked hard to solve the latest security issues, releasing the 3.2.1 which would eliminate the last known risks…
    And about the log, is it possible to know more about what happened?


    Sorry for the delayed answer. The router crashed a few days ago – actually I don’t know why. I have to wait until I have physical access.

    With the existing log file I cannot give you more information about the kind of access. All I know is that they caused about 25kbit traffic. The router has been accessed from different locations on different days.
