The hardware is an RB5009 that simply has two interfaces: an OUT (FRC) and an IN (LAN). (There are firewalls upstream.) The goal of the firewall ruleset at this point is:
- Allow everything out
- Allow return traffic in
- Allow SSH in if it's going to host 199.181.204.130
- Drop everything else
I can see the drop rule at the bottom catches everything -- even the SSH -- why?

0 ;;; Allow anything out from the LAN to the tunnels
chain=forward action=accept in-interface=ether1-LAN
out-interface=ether2-FRC log=no log-prefix=""
1 chain=forward action=accept protocol=tcp dst-address-list=199.181.204.130
dst-port=22 log=no log-prefix=""
2 ;;; Allow active connections in
chain=forward action=accept
connection-state=established,related,untracked in-interface=ether2-FRC
out-interface=ether1-LAN log=no log-prefix=""
3 chain=forward action=drop log=no log-prefix="Drop it"
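Added illustration, not from the post and not RouterOS code: a small Python model of first-match evaluation over the forward chain as posted. The `Packet`, `Rule` and `evaluate` names and the sample packets are constructed for this example. It assumes, as RouterOS does, that `dst-address-list=` takes the name of an entry in /ip firewall address-list (so a value like `199.181.204.130` is looked up as a list name, not matched as an address) and that no list with that name has been populated; `dst-address=` matches an address or prefix directly. The evaluator stops at the first matching rule and, like a built-in chain with no matching rule, accepts by default.

```python
"""First-match model of a RouterOS-style forward chain (added example)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    in_iface: str
    out_iface: str
    proto: str
    dst: str
    dst_port: int
    conn_state: str  # new | established | related | untracked


@dataclass
class Rule:
    action: str
    comment: str = ""
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    proto: Optional[str] = None
    dst_address: Optional[str] = None       # dst-address=  (an address or prefix)
    dst_address_list: Optional[str] = None  # dst-address-list=  (the NAME of a list)
    dst_port: Optional[int] = None
    conn_states: frozenset = frozenset()    # connection-state=a,b,c

    def matches(self, pkt: Packet, address_lists: dict) -> bool:
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        if self.out_iface is not None and pkt.out_iface != self.out_iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dst_address is not None and \
                ip_address(pkt.dst) not in ip_network(self.dst_address, strict=False):
            return False
        if self.dst_address_list is not None:
            # A list is looked up by name; a name with no entries matches nothing.
            entries = address_lists.get(self.dst_address_list, [])
            if not any(ip_address(pkt.dst) in ip_network(e, strict=False) for e in entries):
                return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.conn_states and pkt.conn_state not in self.conn_states:
            return False
        return True


def evaluate(rules, pkt: Packet, address_lists: Optional[dict] = None):
    """Return (rule index, action) of the first match; (None, 'accept') if nothing matched."""
    address_lists = address_lists or {}
    for idx, rule in enumerate(rules):
        if rule.matches(pkt, address_lists):
            return idx, rule.action
    return None, "accept"


# Rules 0-3 transcribed from the posted /ip firewall filter print output.
POSTED_RULES = [
    Rule("accept", "Allow anything out from the LAN to the tunnels",
         in_iface="ether1-LAN", out_iface="ether2-FRC"),
    Rule("accept", "SSH to the host, as posted: dst-address-list= with an IP as the list name",
         proto="tcp", dst_address_list="199.181.204.130", dst_port=22),
    Rule("accept", "Allow active connections in",
         in_iface="ether2-FRC", out_iface="ether1-LAN",
         conn_states=frozenset({"established", "related", "untracked"})),
    Rule("drop", "Drop it"),
]

# Same chain with rule 1 written as dst-address= instead of dst-address-list=.
ADDRESS_RULES = [
    POSTED_RULES[0],
    replace(POSTED_RULES[1], dst_address_list=None, dst_address="199.181.204.130"),
    POSTED_RULES[2],
    POSTED_RULES[3],
]

# Constructed sample packets.
SSH_IN = Packet("ether2-FRC", "ether1-LAN", "tcp", "199.181.204.130", 22, "new")
LAN_OUT = Packet("ether1-LAN", "ether2-FRC", "tcp", "203.0.113.10", 443, "new")
RETURN_IN = Packet("ether2-FRC", "ether1-LAN", "tcp", "10.0.0.5", 51000, "established")


def posted_verdict():
    """Inbound SSH against the chain exactly as posted (no list named 199.181.204.130)."""
    return evaluate(POSTED_RULES, SSH_IN)


def address_verdict():
    """Inbound SSH when rule 1 matches the address directly."""
    return evaluate(ADDRESS_RULES, SSH_IN)


def populated_list_verdict():
    """Inbound SSH against the posted chain once a list of that name has an entry."""
    return evaluate(POSTED_RULES, SSH_IN, {"199.181.204.130": ["199.181.204.130/32"]})


if __name__ == "__main__":
    print("as posted:        ", posted_verdict())          # (3, 'drop')
    print("dst-address=:     ", address_verdict())         # (1, 'accept')
    print("list populated:   ", populated_list_verdict())  # (1, 'accept')
    print("LAN outbound:     ", evaluate(POSTED_RULES, LAN_OUT))
    print("return traffic:   ", evaluate(POSTED_RULES, RETURN_IN))
```

Tracing the packet through the model shows why the drop rule is the one that fires: rule 0 wants the LAN as the inbound interface, rule 1 only matches if a list called `199.181.204.130` has an entry covering the destination, and rule 2 wants an established or related connection, so a new inbound SSH connection falls through to rule 3. Whether the fix is `dst-address=` or an address list that actually exists, the model gives the same accept at rule 1.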