My router is a TP-Link c7 running on a release 19.07.8 custom image.
Because someone is trying to log into my OpenSSH server, I entered these lines into /etc/config/firewall. The aim was that this someone should be rejected before getting to the "Show us your credentials" stage (or rejected at the earliest possible stage).
config rule
option src 'wan'
option name 'block-public-ip'
list src_ip '42.192.96.35'
option dest '*'
option target 'REJECT'
list proto 'all'
However in LuCI's System Log I still get:
Sat Oct 23 11:54:10 2021 auth.info sshd[23597]: Connection closed by 42.192.96.35 port 59794 [preauth]
Am I supposed to get this [preauth] line even after a config rule with REJECT? (Changing to DROP seems to make no difference.)
Is my config rule block no good? If so, what's the right way to do it?
(I know that wireguard is "silent" and therefore "better.")
Better yet, unless you specifically need to have ssh directly exposed to the internet, use a VPN (such as wireguard, as you mention) which will be far more secure.
Specifies the traffic destination zone . Refers to one of the defined zone names , or * for any zone. If specified, the rule applies to forwarded traffic; otherwise, it is treated as input rule.
is there an express way to have the rule be treated as input? I mean something that looks like option __ 'INPUT'.
Thanks. It is actually my first time having an OpenSSH server up and exposed. I want to go through this stage as a learning experience before getting to VPN.
Thanks. That does not seem to put a line in /etc/config/firewall. So I'll understand that a missing option dest line is the only config file equivalent to setting LuCI Destination zone to Device (input).