why iptables doesn't seem to close the port 22?

user1814173 asked:

#iptables -L -n -v
Chain INPUT (policy ACCEPT 42 packets, 3360 bytes)
pkts bytes target     prot opt in     out     source               destination
207  15586 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
0     0    ACCEPT     tcp  --  eth0   *       78.12.0.0/14         0.0.0.0/0            tcp dpt:22
0     0    ACCEPT     tcp  --  eth0   *       84.220.0.0/14        0.0.0.0/0            tcp dpt:22
119  7108  DROP       tcp  --  *      *       !78.12.47.44         0.0.0.0/0            tcp dpt:80
0     0    DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 143 packets, 16147 bytes)
pkts bytes target     prot opt in     out     source               destination

Given these firewall rules, why do I find the following in auth.log?

Jan 24 23:51:24 vps45276 sshd[1579]: Invalid user toto from 178.32.42.238
Jan 24 23:51:24 vps45276 sshd[1579]: Received disconnect from 178.32.42.238: 11: Bye Bye [preauth]
Jan 25 00:10:09 vps45276 sshd[1608]: Invalid user serveur from 178.32.42.238
Jan 25 00:10:09 vps45276 sshd[1608]: Received disconnect from 178.32.42.238: 11: Bye Bye [preauth]

What did I do wrong with the rules?

My answer:


You only DROPped traffic coming in on eth0. But the unwanted traffic is almost certainly coming in via a different interface. Remove that qualifier from the final DROP rule, and better yet set the INPUT table’s policy to DROP.


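To make the first-match behaviour concrete, here is an added example (not part of the original question or answer) that models the posted INPUT chain in Python and runs the brute-forcer's SSH packet through both the original rules and the corrected ones. It assumes the non-eth0 interface is called "venet0"; the page does not name it.

```python
import ipaddress

# Constructed, simplified model of the INPUT chain from the question.
# Each rule is (match_dict, target); evaluation is first-match, like iptables.
def rule(target, **match):
    return (match, target)

SHARED_RULES = [
    rule("ACCEPT", state={"RELATED", "ESTABLISHED"}),
    rule("ACCEPT", in_iface="eth0", proto="tcp", src="78.12.0.0/14", dport=22),
    rule("ACCEPT", in_iface="eth0", proto="tcp", src="84.220.0.0/14", dport=22),
    rule("DROP", proto="tcp", src="78.12.47.44/32", src_negate=True, dport=80),
]
# As posted: the only catch-all DROP is bound to eth0, and the chain policy is ACCEPT.
ORIGINAL = (SHARED_RULES + [rule("DROP", in_iface="eth0")], "ACCEPT")
# As the answer suggests: drop the interface qualifier and set the policy to DROP.
FIXED = (SHARED_RULES + [rule("DROP")], "DROP")

def matches(m, pkt):
    if "in_iface" in m and pkt["in_iface"] != m["in_iface"]:
        return False
    if "proto" in m and pkt["proto"] != m["proto"]:
        return False
    if "dport" in m and pkt.get("dport") != m["dport"]:
        return False
    if "state" in m and pkt["state"] not in m["state"]:
        return False
    if "src" in m:
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(m["src"])
        if in_net == m.get("src_negate", False):   # a negated source match flips the test
            return False
    return True

def verdict(chain, pkt):
    """Walk the chain top to bottom; the policy applies only if no rule matched."""
    rules, policy = chain
    for m, target in rules:
        if matches(m, pkt):
            return target
    return policy

def new_tcp(src, in_iface, dport):
    return {"src": src, "in_iface": in_iface, "proto": "tcp", "dport": dport, "state": "NEW"}

# The brute-force source seen in auth.log, arriving on an interface other than eth0.
# "venet0" is an assumed name for that interface; the page does not identify it.
SSH_PROBE = new_tcp("178.32.42.238", "venet0", 22)

if __name__ == "__main__":
    print("original:", verdict(ORIGINAL, SSH_PROBE))   # ACCEPT: falls through to the policy
    print("fixed:   ", verdict(FIXED, SSH_PROBE))      # DROP
```

The same model shows why the port-80 DROP already worked (it carries no interface qualifier), which is consistent with its non-zero packet counter while the eth0-bound DROP never matched.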
View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.