holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct FAQ 1e

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-02-25 08:54:14 -08:00
parent 7ffe8e4e4b
commit d20ad64739
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/FAQ.xml
View File

@ -406,6 +406,14 @@ DNAT net loc:192.168.1.3:22 tcp 1022</programlisting>
the net. Is it possible to only redirect 4104 to the localhost port 22
and have connection attempts to port 22 from the net dropped?</title>
<important>
<para>On systems with the "Extended Conntrack Match"
(NEW_CONNTRACK_MATCH) capability (see the output of
<command>shorewall show capabilities</command>), port 22 is opened
only to connections whose original destination port is 4104 and this
FAQ does not apply.</para>
</important>
<para><emphasis role="bold">Answer </emphasis>courtesy of Ryan: Assume
that the IP address of your local firewall interface is 192.168.1.1.
If you configure SSHD to only listen on that address and add the