Secure Firewall Settings

This topic contains 1 reply, has 0 voices, and was last updated by faximilian 4 years, 10 months ago.



    Dear friends,

    I am worried about my zeroshell firewall.

    1 hour ago I had an SSH connection to Zeroshell on port 22 from Ukraine with a lot of traffic.

    Could someone please help me to harden my firewall?

    I have closed the http/https access from outside now, but this can be only a workaround. SSH is still open – I cannot work without it. SMTP/IMAP have to be open, too (not an open relay!).

    Here are my FW settings

    FORWARD Chain

    Chain FORWARD (policy DROP 5 packets, 300 bytes)
    pkts bytes target prot opt in out source destination
    16410 1944K ACCEPT all -- ETH00 *
    7 572 ACCEPT all -- BOND00 *
    12117 3685K ACCEPT all -- * * state RELATED,ESTABLISHED

    INPUT Chain

    Chain INPUT (policy DROP 1429 packets, 101K bytes)
    pkts bytes target prot opt in out source destination
    63653 12M SYS_GUI all -- * *
    63653 12M SYS_INPUT all -- * *
    27 1236 SYS_HTTPS tcp -- * * tcp dpt:80
    6053 922K SYS_HTTPS tcp -- * * tcp dpt:443
    544 42776 SYS_SSH tcp -- * * tcp dpt:22
    15907 1686K ACCEPT all -- ETH00 *
    1 56 ACCEPT all -- BOND00 *
    8374 733K ACCEPT all -- * * state RELATED,ESTABLISHED
    0 0 Proxy tcp -- * * tcp dpt:55559

    OUTPUT Chain

    Chain OUTPUT (policy ACCEPT 5496 packets, 1712K bytes)
    pkts bytes target prot opt in out source destination
    55505 12M SYS_OUTPUT all -- * *

    Are there any open user accounts with default passwords?
    Is there any other security vulnerability I don’t know about…
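
Added example, not part of the original posts and not Zeroshell's own code: a short Python audit of the INPUT chain listing from the post above. It reports which ports are matched on every interface and which user chains they jump to (the post does not show what those chains contain); `audit_chain` and `BUILTIN` are hypothetical names.

```python
import re

# INPUT chain exactly as it appears in the post above (the source and
# destination columns are absent in this copy of the listing).
LISTING = """\
Chain INPUT (policy DROP 1429 packets, 101K bytes)
pkts bytes target prot opt in out source destination
63653 12M SYS_GUI all -- * *
63653 12M SYS_INPUT all -- * *
27 1236 SYS_HTTPS tcp -- * * tcp dpt:80
6053 922K SYS_HTTPS tcp -- * * tcp dpt:443
544 42776 SYS_SSH tcp -- * * tcp dpt:22
15907 1686K ACCEPT all -- ETH00 *
1 56 ACCEPT all -- BOND00 *
8374 733K ACCEPT all -- * * state RELATED,ESTABLISHED
0 0 Proxy tcp -- * * tcp dpt:55559
"""

# Targets that are final verdicts or built-in actions, not user chains.
BUILTIN = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN"}

def audit_chain(listing):
    """Return (policy, findings) for one `iptables -L -v` chain listing."""
    policy, findings = None, []
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(policy (\w+)", line)
        if header:
            policy = header.group(2)
            continue
        fields = line.split()
        # Rule rows start with a packet counter; this skips the column header.
        if len(fields) < 7 or not re.fullmatch(r"\d+[KMG]?", fields[0]):
            continue
        target, proto, in_if = fields[2], fields[3], fields[5]
        port = re.search(r"dpt:(\d+)", line)
        if in_if == "*" and port:
            # Port is matched on every interface, the WAN side included.
            kind = "verdict" if target in BUILTIN else "user chain, not shown"
            findings.append((proto, int(port.group(1)), target, kind))
        elif in_if != "*" and target == "ACCEPT" and not port:
            findings.append(("all", None, target, f"ACCEPT for all protocols on {in_if}"))
    return policy, findings

if __name__ == "__main__":
    policy, findings = audit_chain(LISTING)
    print("default policy:", policy)
    for finding in findings:
        print(finding)
```

What is actually reachable on ports 22, 80, 443 and 55559 is decided inside `SYS_SSH`, `SYS_HTTPS` and `Proxy`, so those chains need to be listed as well before the exposure can be judged.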





    Did you enable ‘login’ and ‘login fail’ events in Monitoring? I hope that there isn’t a bug; afaik Fulvio worked hard to solve the latest security issues, releasing the 3.2.1 which would eliminate the last known risks….
    And about the log, is it possible to know more about what happened?



    Sorry for the delayed answer. The router crashed a few days ago – actually I don’t know why. I have to wait until I have physical access.

    With the existing log file I cannot give you more information about the kind of access. All I know is that they caused about 25kbit traffic. The router has been accessed from different locations on different days.
