REJECT in /etc/config/firewall still permits '[preauth]' in System Log

My router is a TP-Link c7 running on a release 19.07.8 custom image.

Because someone is trying to log into my OpenSSH server, I entered these lines into /etc/config/firewall. The aim was that this someone should be rejected before getting to the "Show us your credentials" stage (or rejected at the earliest possible stage).

config rule
        option src 'wan'
        option name 'block-public-ip'
        list src_ip '42.192.96.35'
        option dest '*'
        option target 'REJECT'
        list proto 'all'

However in LuCI's System Log I still get:

Sat Oct 23 11:54:10 2021 auth.info sshd[23597]: Connection closed by 42.192.96.35 port 59794 [preauth]

Am I supposed to get this [preauth] line even after a config rule with REJECT? (Changing to DROP seems to make no difference.)

Is my config rule block no good? If so, what's the right way to do it?

(I know that wireguard is "silent" and therefore "better.")


Remove the dest option:
https://openwrt.org/docs/guide-user/firewall/firewall_configuration?s=incoming#rules


Better yet, unless you specifically need to have ssh directly exposed to the internet, use a VPN (such as wireguard, as you mention) which will be far more secure.


Thank you. That totally worked. In regard to dest

Specifies the traffic destination zone. Refers to one of the defined zone names, or * for any zone. If specified, the rule applies to forwarded traffic; otherwise, it is treated as an input rule.

is there an express way to have the rule be treated as input? I mean something that looks like option __ 'INPUT'.


Thanks. It is actually my first time having an OpenSSH server up and exposed. I want to go through this stage as a learning experience before getting to VPN.

LuCI > Network > Firewall > Traffic Rules > Edit > Destination zone > Device (input)


Thanks. That does not seem to put a line in /etc/config/firewall. So I'll understand that a missing option dest line is the only config file equivalent to setting LuCI Destination zone to Device (input).

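A small checker for the dest/no-dest distinction worked out in this thread, added here as an example (not code from the thread or from OpenWrt): it parses /etc/config/firewall text and lists REJECT/DROP rules that set dest, which the quoted docs say makes them forwarding rules rather than input rules, so they never stop connections to the router's own sshd. SAMPLE_CONFIG is a constructed copy of the rule posted above; the parser only handles the config/option/list lines seen there.

```python
import re

# Constructed sample for this example: the poster's rule as posted (with 'dest').
SAMPLE_CONFIG = """\
config rule
        option src 'wan'
        option name 'block-public-ip'
        list src_ip '42.192.96.35'
        option dest '*'
        option target 'REJECT'
        list proto 'all'
"""

# "config <type> ['name']", "option <key> '<value>'", "list <key> '<value>'"
LINE_RE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")

def parse_uci(text):
    """Parse UCI text into section dicts; 'list' keys collect into Python lists."""
    sections, cur = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, key, value = m.groups()
        if kind == "config":
            cur = {".type": key, ".name": value}
            sections.append(cur)
        elif cur is not None and kind == "option":
            cur[key] = value
        elif cur is not None:
            cur.setdefault(key, []).append(value)
    return sections

def rule_chain(rule):
    """Per the docs quoted above: a rule with 'dest' is a forwarding rule; one
    without it is an input rule (traffic to the router itself, e.g. sshd)."""
    return "forward" if "dest" in rule else "input"

def audit(text):
    """Names of REJECT/DROP rules that set 'dest' and so never filter traffic to
    router-local services: these are the ones that still leave [preauth] lines."""
    return [
        r.get("name") or r[".name"] or "<unnamed>"
        for r in parse_uci(text)
        if r[".type"] == "rule"
        and r.get("target", "").upper() in ("REJECT", "DROP")
        and rule_chain(r) == "forward"
    ]
```

Running audit over the posted rule reports it; deleting the dest line, as the reply suggested, makes it an input rule and the report comes back empty.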
