Remote ssh access

 ïðåäûäóùåì ñîîáùåíèè âñå íå ïîìåñòèëîñü, ïðîäîëæó â ýòîì.

post-firewall âûãëÿäèò òàê:

Code:

---

#!/bin/sh

PATH=/sbin:/bin:/usr/sbin:usr/bin:/opt/sbin:/opt/bin:/opt/local/bin

logger "post-firewall started"

#this rule can be uncommented for the testing period
#iptables -A INPUT -p tcp --syn --dport 2222 -j ACCEPT

# set default policy
iptables -P INPUT DROP

# remove last default rule
iptables -D INPUT -j DROP

# ***ssh subsection begin***
SSH_PORT=12345
SSH_ALLOW=/usr/local/etc/ssh.allow
SSH_DENY=/usr/local/etc/ssh.deny

# Create a new SSH_EVAL chain which will evaluate incoming connections to ssh server from WAN
iptables -N SSH_EVAL

# Transfer all ssh connections to the SSH_EVAL chain
iptables -A INPUT -p tcp --dport $SSH_PORT -j SSH_EVAL

# Evaluate incoming ssh connections through ssh.allow and ssh.deny lists
for i in `awk '{print $1}' $SSH_ALLOW`
do
    iptables -A SSH_EVAL -p tcp --syn -s $i --dport $SSH_PORT -j ACCEPT
done
for i in `awk '{print $1}' $SSH_DENY`
do
    iptables -A SSH_EVAL -p tcp --syn -s $i --dport $SSH_PORT -j DROP
done

# Block annoying intruder's attemtps (after --hitcount connections occured, wait --seconds after the last connection attempt)
# Remember, that both successful and unsuccessful connections are counted
iptables -A SSH_EVAL -i ! $3 -p tcp -m state --state NEW --dport $SSH_PORT -m recent --set --name SSH_ATTACKER --rsource
iptables -A SSH_EVAL -i ! $3 -p tcp -m state --state NEW --dport $SSH_PORT -m recent --update --seconds 600 --hitcount 4 --name SSH_ATTACKER --rsource -j DROP

# Accept the rest of ssh connections which were able to pass through the filtering
iptables -A SSH_EVAL -p tcp --syn --dport $SSH_PORT -j ACCEPT
# ***ssh subsection end***

# Low PPTP speed fix
iptables -t nat -nvL POSTROUTING | grep MASQUERADE | awk '{
    "ifconfig "$7" | grep Mask" | getline ip;
    split(ip,ip,":"); split(ip[2],ip," ");
    split($8,src,"!");
    if (src[1]=="") {src="! -s "src[2]} else {src="-s "src[1]};
    if ($9=="0.0.0.0/0") {dst=""} else {dst="-d "$9};
    system("iptables -t nat -A POSTROUTING -o "$7" "src" "dst" -j SNAT --to-source "ip[1]);
    system("iptables -t nat -D POSTROUTING -o "$7" "src" "dst" -j MASQUERADE");
}'

---

Ñîáñòâåííî, ìåíÿ íå íàïðÿãàåò îòñóòñòâèå â ëîãàõ IP-àäðåñà àòàêóþùåãî. Íî äëÿ ïîëíîòû êàðòèíû íå ïîìåøàåò. Òåì áîëåå, ÷òî ðàíüøå âñå ðàáîòàëî. Ê òîìó æå, âîçìîæíî, ýòî ÿâëÿåòñÿ ïðèçíàêîì íåïðàâèëüíûõ íàñòðîåê â iptables èëè åùå ãäå.

Íå ïîäñêàæóò ëè óâàæàåìûå çíàòîêè, ãäå êîïàòü? Åñëè âîïðîñ óæå îáñóæäàëñÿ, ïîäñêàæèòå, ïîæàëóéñòà, ãäå ñìîòðåòü, ñàì íå íàøåë.

Ïî÷åìó-òî ïðè èñïîëüçîâàíèè ýòîãî ñêðèïòà (post-firewall) uTorrent íå ìîæåò ïðèíèìàòü âõîäÿùèå ïîäêëþ÷åíèÿ, âñòðîåííàÿ ïðîâåðêà ãîâîðèòü, ÷òî ïîðò çàêðûò.

Ïîìîãèòå ïîæàëóéñòà ðàçîáðàòüñÿ: ÷òî îçíà÷àþò ñòðîêè
grep -q -- '--dport 0\b' /tmp/nat_rules && grep -v -- '--dport 0\b' /tmp/nat_rules | iptables-restore
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

è íå ìîæåò ëè áûòü ïðîáëåìà â òîì, ÷òî ìû îáíóëÿåì âñå ïðàâèëà ïåðâûìè äâóìÿ ñòðî÷êàìè ñêðèïòà?

Çàðàíåå áîëüøîå ñïàñèáî!

Quote:

---

Originally Posted by al37919

iptables -P INPUT DROP
iptables -D INPUT -j DROP
SSH_PORT=22
SSH_ALLOW=/usr/local/etc/ssh.allow
SSH_DENY=/usr/local/etc/ssh.deny
ssh server from WAN
iptables -N SSH_EVAL
iptables -A INPUT -p tcp --dport $SSH_PORT -j SSH_EVAL
for i in `awk '{print $1}' $SSH_ALLOW`
do
iptables -A SSH_EVAL -p tcp --syn -s $i --dport $SSH_PORT -j ACCEPT
done
for i in `awk '{print $1}' $SSH_DENY`
do
iptables -A SSH_EVAL -p tcp --syn -s $i --dport $SSH_PORT -j DROP
done

iptables -A SSH_EVAL -i ! $3 -p tcp -m state --state NEW --dport $SSH_PORT -m recent --set --name SSH_ATTACKER --rsource
iptables -A SSH_EVAL -i ! $3 -p tcp -m state --state NEW --dport $SSH_PORT -m recent --update --seconds 600 --hitcount 4 --name SSH_ATTACKER --rsource -j DROP

iptables -A SSH_EVAL -p tcp --syn --dport $SSH_PORT -j ACCEPT

grep -q -- '--dport 0\b' /tmp/nat_rules && grep -v -- '--dport 0\b' /tmp/nat_rules | iptables-restore
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

---

500 gpV2 ñ ïðîøèâêîé îò ýíòóçèàñòîâ 1.9.2.7-d-r1087.
íóæåí ìíå óäàëåííûé äîñòóï ñíàðóæè ïî SSH.
ðåãèñòðèðóþñü â dyndns - ðîóòåð èçâíå ïèíãóåòñÿ íîðìàëüíî.
âêëþ÷àþ â íåì SSH íà ïîðòó 443.
èäó íà nettols.ru, ïðîâåðÿþ - ãîâîðèò, ÷òî èçâíå ïîðò 443 çàêðûò.
âêëþ÷àþ íà ðîóòåðå äîñòóï ê web ìîðäå ïî 8080.
ïûòàþñü èçâíå â ãóãëõðîìå çàëåçòü íà http:// ìîéäèíäíñ:8080 - íåò îòâåòà îò ñåðâåðà.
÷òî è ãäå ïîäêðóòèòü ÷àéíèêó?
ñïàñèáî.

èñõîäíûå äàííûå:
wl500gp v.1 - 1.9.2.7-d-r2624
áåëûé äèíàìè÷åñêèé ip, îáðàùàþñü ÷åðåç DynDNS.
ssh ñëóøàåò ïîðò, íàïðèìåð, 57000.

ñ ðàáîòû (Win7 Ultimate, ñèæó çà ôðåé, âñå íàðóæó îòêðûòî) ïûòàþñü çàéòè íà ðîóòåð ñ ïîìîùüþ putty. ðàçðåøèë â âèíäîâîì ôàéðâîëëå putty, ïîäêëþ÷èëñÿ íà ïîðò, íàïðèìåð, 57000, íî ñïóòàë ëîãèí è çàêðûë åå.
ïîñëå ýòîãî ïðîáîâàë åùå ðàç äåñÿòü - íîëü ýôôåêòà, òàéìàóò ïîäêëþ÷åíèÿ.

äîáðàëñÿ äî äîìà, âèæó â ëîãàõ óäà÷íîå ïîäêëþ÷åíèå

Code:

---

Mar 30 10:27:54 dropbear[557]: Child connection from my_work_ip:55558
Mar 30 10:28:15 dropbear[557]: login attempt for nonexistent user from my_work_ip:55558
Mar 30 10:28:21 dropbear[557]: exit before auth: Exited normally

---

Âîïðîñ, â îáùåì, â ñëåäóþùåì - îòêóäà âçÿëñÿ ýòîò ëåâûé ïîðò, è ÷òî ÿ âîîáùå äåëàþ íå òàê?

Ñïàñèáî.

my_work_ip:55558 --- ýòî èñõîäÿùèé ïîðò
login attempt for nonexistent user from my_work_ip:55558 --- ýòî âïîëíå åñòåñòâåííûé îòëóï ïðè íåïðàâèëüíîì èìåíè ïîëüçîâàòåëÿ
exit before auth: Exited normally --- ýòî çàêðûòèå âòîðîé êîïèè dropbear, êîòîðàÿ ñîçäàåòñÿ íà êàæäîå íîâîå ñîåäèíåíèå.

 îáùåì, íåò ïðè÷èí äëÿ áåñïîêîéñòâà --- ñóäÿ ïî ïðèâåäåííîìó ëîãó ó âàñ âñå â àáàæóðå.

Quote:

---

Originally Posted by al37919

my_work_ip:55558 --- ýòî èñõîäÿùèé ïîðò
login attempt for nonexistent user from my_work_ip:55558 --- ýòî âïîëíå åñòåñòâåííûé îòëóï ïðè íåïðàâèëüíîì èìåíè ïîëüçîâàòåëÿ
exit before auth: Exited normally --- ýòî çàêðûòèå âòîðîé êîïèè dropbear, êîòîðàÿ ñîçäàåòñÿ íà êàæäîå íîâîå ñîåäèíåíèå.

 îáùåì, íåò ïðè÷èí äëÿ áåñïîêîéñòâà --- ñóäÿ ïî ïðèâåäåííîìó ëîãó ó âàñ âñå â àáàæóðå.

---

íå âñå, îäíàêî. putty ïåðåñòàë êîííåêòèòüñÿ (ïîäêëþ÷èëñÿ âñåãî îäèí ðàç) è îòâàëèâàåòñÿ ïî òàéìàóòó ñîåäèíåíèÿ. îäèí ðàç ñìîã è âñå.
ìîæåò èç îïûòà ïîäñêàæåòå ÷òî, à òî ÿ çà äâà äíÿ óæå ôðþ èçó÷èë, à òîëêó íåò, â ëîãàõ ðîóòåðà êîííåêòîâ íåò.

òå â ëîãå dropbear áîëüøå íå óïîìèíàëñÿ?
ïðè÷åì ïî âîçâðàùåíèè dropbear â çàïóùåííûõ ïðîöåññàõ ïðèñóòñòâîâàë?

÷òî ìîæíî ñäåëàòü:
1) åñëè ïîäîçðåíèÿ íà çàùèòó recent è ó ôðè àäðåñ ñòàòè÷åñêèé, òî åãî ìîæíî ïðîïèñàòü â áåëûé ñïèñîê (ôàéë /usr/local/etc/ssh.allow ). Òîãäà íà ýòîò àäðåñ/ïîäñåòü îíà íå ðàñïðîñòðàíÿåòñÿ
2) åñëè äåéñòâèòåëüíî ïàäàåò dropbear, òî ìîæíî â cron çàñóíóòü ÷òî-òî ïîäîáíîå äëÿ åãî ïåðåïîäúåìà ðàç ìèíóò â 5-10:

Code:

---

#! /bin/sh

# This script checks to make sure important
# processes are running (in case they crash).
# It also makes sure annoying or unwanted
# programs are not running.

# Based on:
# http://wl500g.info/showthread.php?t=2556

ensure()
{
  [ $ENSURE = "no" ] && exit
  name=$1
  cmd=$2
  [ -z "$2" ] && cmd="$name"
  running=`/bin/ps | grep "$name" | grep -v "grep"`
  if [ -z "$running" ]; then
    logger -t ensure-proc "$name: restarting"
    $cmd
  fi
}

ensure dropbear

---

3) Åñëè çàíèìàòüñÿ èññëåäîâàíèåì ïðîáëåìû ñâÿçàííîé ñ ôàéðâîëîì, òî æåëàòåëüíî ôèçè÷åñêè íàõîäèòüñÿ âíóòðè íåãî. Ò.å. äåëàåì êîííåêò íà ôðþ è ñ íåå ëîãèíèìñÿ îáðàòíî è èùåì ãäå è ïî÷åìó ÷òî-òî íå òàê.

Quote:

---

Originally Posted by al37919

òå â ëîãå dropbear áîëüøå íå óïîìèíàëñÿ?
ïðè÷åì ïî âîçâðàùåíèè dropbear â çàïóùåííûõ ïðîöåññàõ ïðèñóòñòâîâàë?

---

äà, è ïóñêàåò è èçíóòðè, è ñ ìîáèëêè. â ëîãå áîëüøå íåò åãî.

Quote:

---

Originally Posted by al37919

1) åñëè ïîäîçðåíèÿ íà çàùèòó recent è ó ôðè àäðåñ ñòàòè÷åñêèé, òî åãî ìîæíî ïðîïèñàòü â áåëûé ñïèñîê (ôàéë /usr/local/etc/ssh.allow ). Òîãäà íà ýòîò àäðåñ/ïîäñåòü îíà íå ðàñïðîñòðàíÿåòñÿ

---

çâàòðà îáÿçàòåëüíî ïîïðîáóþ è îòïèøóñü. îäíàêî, ïî÷åìó îäèí ðàç âñå-òàêè ïðîñêî÷èë êîííåêò, íåïîíÿòíî. ñëó÷èëîñü ýòî ïîñëå âíåñåíèÿ èñêëþ÷åíèÿ â âèíäîâûé ôàéðâîëë.

Quote:

---

Originally Posted by al37919

2) åñëè äåéñòâèòåëüíî ïàäàåò dropbear, òî ìîæíî â cron çàñóíóòü ÷òî-òî ïîäîáíîå äëÿ åãî ïåðåïîäúåìà ðàç ìèíóò â 5-10:

---

óâåðåí, ÷òî íå ïàäàåò, âñå ñòàáèëüíî.

Quote:

---

Originally Posted by al37919

3) Åñëè çàíèìàòüñÿ èññëåäîâàíèåì ïðîáëåìû ñâÿçàííîé ñ ôàéðâîëîì, òî æåëàòåëüíî ôèçè÷åñêè íàõîäèòüñÿ âíóòðè íåãî. Ò.å. äåëàåì êîííåêò íà ôðþ è ñ íåå ëîãèíèìñÿ îáðàòíî è èùåì ãäå è ïî÷åìó ÷òî-òî íå òàê.

---

äà, òî÷íî, âîò îá ýòîì êàê-òî è íå ïîäóìàë.

çàâòðà ïðîâåðþ, îòïèøóñü, ñïàñèáî.

 îáùåì, âñå îêàçàëîñü ïðîùå è äóðíåå.
Èç-çà ãëþ÷íîãî adsl èíòåðíåòà î÷åíü äîëãî ïðîèñõîäèò ñîåäèíåíèå, è putty óñïåâàåò îòâàëèòüñÿ ïî òàéìàóòó.

À òàê - âñå ðàáîòàåò.

Quote:

---

Originally Posted by DmitryZz

500 gpV2 ñ ïðîøèâêîé îò ýíòóçèàñòîâ 1.9.2.7-d-r1087.
íóæåí ìíå óäàëåííûé äîñòóï ñíàðóæè ïî SSH.
ðåãèñòðèðóþñü â dyndns - ðîóòåð èçâíå ïèíãóåòñÿ íîðìàëüíî.
âêëþ÷àþ â íåì SSH íà ïîðòó 443.
èäó íà nettols.ru, ïðîâåðÿþ - ãîâîðèò, ÷òî èçâíå ïîðò 443 çàêðûò.
âêëþ÷àþ íà ðîóòåðå äîñòóï ê web ìîðäå ïî 8080.
ïûòàþñü èçâíå â ãóãëõðîìå çàëåçòü íà http:// ìîéäèíäíñ:8080 - íåò îòâåòà îò ñåðâåðà.
÷òî è ãäå ïîäêðóòèòü ÷àéíèêó?
ñïàñèáî.

---

À çà÷åì âûáèðàòü ïîðò çàðåçåðâèðîâàííûé ïîä https? ïðîáóéòå ïîðòû âûøå 2000

Quote:

---

Originally Posted by TReX

À çà÷åì âûáèðàòü ïîðò çàðåçåðâèðîâàííûé ïîä https? ïðîáóéòå ïîðòû âûøå 2000

---

Àâòîð âîïðîñà íå óêàçàë, "áåëûé" ëè ó íåãî àäðåñ.
Ìîæåò îí ñîâñåì íå ðîóòåð ïèíãóåò.

Äîáðûé äåíü.

Çàìåòèë ñòàáèëüíîå çàâèñàíèå ðîóòåðà ïîñëå óäàëåííîãî ïîäêëþ÷åíèÿ ê íåìó ïî ssh. Ïðè÷åì âèñíåò "íàìåðòâî", òàê ÷òî ïîñëå íå èç ëîêàëêè, íå èç âíåøêè ê íåìó íåò äîñòóïà (íè web, íè ssh, íè wi-fi, íè dhcp ñ íåãî íå ðàáîòàþò). Òîëüêî ping èç ëîêàëêè îòâå÷àåò, åñëè ïîäêëþ÷èòüñÿ êàáåëåì è íàçíà÷èòü ip âðó÷íóþ. Ïîìîãàåò ïåðåäåðãèâàíèå ïèòàíèÿ.
Íå áûëî íè îäíîãî ðàçà ÷òîáû íå "ïîâèñ".  îñòàëüíûõ ñëó÷àÿõ ðàáîòàåò ñóòêè íàïðîëåò.

 ÷åì ìîæåò áûòü ïðè÷èíà?

P.S. Ïðîøèâêà - 1.9.2.7-rtn-r3121.

Óæå êàêîé äåíü áüþñü, íå ìîãó çàéòè èç âíå ïî ssh.
 âåá èíòåðôåéñå âñ¸ ÷òî ñâÿçàííî ñ ssh îòêëþ÷åíî.
Íàñòðîåíî ñîåäèíåíèå ddns ÷åðåç no-ip.com
Ïðîøèâêà ïîñëåäíÿÿ îò ýíòóçèàñòîâ. ðîóòåð wl-500gP

Code:

---

cat /tmp/local/sbin/post-boot
dropbear > /dev/null 2>&1


cat /tmp/local/sbin/post-firewall
iptables -P INPUT DROP
iptables -D INPUT -j DROP

#Èñïðàâëÿåì íèçêóþ ñêîðîñòü PPTP
iptables -t nat -nvL POSTROUTING | grep MASQUERADE | awk '{
"ifconfig "$7" | grep Mask" | getline ip;
split(ip,ip,":"); split(ip[2],ip," ");
split($8,src,"!");
if (src[1]=="") {src="! -s "src[2]} else {src="-s "src[1]};
if ($9=="0.0.0.0/0") {dst=""} else {dst="-d "$9};
system("iptables -t nat -A POSTROUTING -o "$7" "src" "dst" -j SNAT --to-source "ip[1]);
system("iptables -t nat -D POSTROUTING -o "$7" "src" "dst" -j MASQUERADE");
}'

# ***ssh subsection begin***
#iptables -t raw -A PREROUTING -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 56789 -j REDIRECT --to-ports 22
# ***ssh subsection end***
iptables -A INPUT -j DROP


iptables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2613
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
2620 516K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
166 51485 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 SECURITY all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW
57 8804 SECURITY all -- vlan1 * 0.0.0.0/0 0.0.0.0/0 state NEW
14 5190 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
40 3530 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

iptables -t nat -nvL PREROUTING
Chain PREROUTING (policy ACCEPT 34 packets, 2597 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2613 to:192.168.25.1:2613
4 251 VSERVER all -- * * 0.0.0.0/0 94.24.196.21
0 0 VSERVER all -- * * 0.0.0.0/0 10.62.86.84
2 304 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:56789 redir ports 22
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.25.1:443


Ñ ëîêàëêè çàõîæó è ïî 22 è ïî 56789 ïîðòó, õîòÿ ïûòàþñü 22 äðîïàòü. Ñ WAN íó íè â êàêóþ, ïèøåò:
$ ssh ***.no-ip.info
ssh: connect to host ***.no-ip.info port 22: No route to host
Íå ïîéìó, ïî÷åìó íå âèäíî ñîåäèíåíèå ïî netstat?


netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5431 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 10.62.86.84:1024 78.29.3.77:1723 ESTABLISHED
udp 0 0 0.0.0.0:1025 0.0.0.0:*
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp 0 0 127.0.0.1:34954 0.0.0.0:*
udp 0 0 0.0.0.0:53 0.0.0.0:*
udp 0 0 0.0.0.0:67 0.0.0.0:*
udp 0 0 0.0.0.0:1900 0.0.0.0:*

---

Quote:

---

Originally Posted by Satoorn

Óæå êàêîé äåíü áüþñü, íå ìîãó çàéòè èç âíå ïî ssh.
 âåá èíòåðôåéñå âñ¸ ÷òî ñâÿçàííî ñ ssh îòêëþ÷åíî.
Íàñòðîåíî ñîåäèíåíèå ddns ÷åðåç no-ip.com
Ïðîøèâêà ïîñëåäíÿÿ îò ýíòóçèàñòîâ. ðîóòåð wl-500gP

---

A äëÿ ÷åãî òàêèå ñëîæíîñòè èëè ñýð ëþáèò ñòîÿ â ãàìàêå è â àêâàëàíãå? :D

×òî âû óâèäåëè ñëîæíîãî?
Äàâàéòå ïî ïðîñòîìó.

Code:

---

$ cat /tmp/local/sbin/post-firewall
#!/bin/sh

iptables -P INPUT DROP
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --set --name SSH_ATTACKER --rsource
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 600 --hitcount 6 --name SSH_ATTACKER --rsource -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP


$ iptables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
 2414  472K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0    0 ACCEPT    all  --  lo    *      0.0.0.0/0            0.0.0.0/0          state NEW
  156 44601 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0          state NEW
    0    0 SECURITY  all  --  ppp0  *      0.0.0.0/0            0.0.0.0/0          state NEW
  44 10302 SECURITY  all  --  vlan1  *      0.0.0.0/0            0.0.0.0/0          state NEW
  16  5846 ACCEPT    udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp spt:67 dpt:68
    0    0            tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22 recent: SET name: SSH_ATTACKER side: source
    0    0 DROP      tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:22 recent: UPDATE seconds: 600 hit_count: 6 name: SSH_ATTACKER side: source
    0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:22
  26  4400 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0

$  netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State     
tcp        0      0 0.0.0.0:80              0.0.0.0:*              LISTEN     
tcp        0      0 0.0.0.0:8081            0.0.0.0:*              LISTEN     
tcp        0      0 0.0.0.0:53              0.0.0.0:*              LISTEN     
tcp        0      0 0.0.0.0:5431            0.0.0.0:*              LISTEN         
tcp        0      0 10.62.86.84:1024        78.29.3.44:1723        ESTABLISHED
udp        0      0 0.0.0.0:1025            0.0.0.0:*                         
udp        0      0 0.0.0.0:514            0.0.0.0:*                         
udp        0      0 127.0.0.1:34954        0.0.0.0:*                         
udp        0      0 0.0.0.0:53              0.0.0.0:*                         
udp        0      0 0.0.0.0:67              0.0.0.0:*                         
udp        0      0 0.0.0.0:1900            0.0.0.0:*

---

Ïî ëîêàëêå çàõîæó íà 22 ïîðò.
Ïî÷åìó 22 ïîðò íå ïðîñëóøèâàåòñÿ? ×òî åù¸ ïîêàçàòü?