They’re getting an authentication prompt, yes, but don’t appear to be getting in. To stop it, you’ll need to firewall off that port and allow subnets as needed. What do your config/firewall rules look like?
set firewall name protect-vyatta rule 2 action drop
set firewall name protect-vyatta rule 2 destination port 22
set firewall name protect-vyatta rule 2 protocol tcp
set firewall name protect-vyatta rule 2 recent count 3
set firewall name protect-vyatta rule 2 recent time 300
set firewall name protect-vyatta rule 2 state new enable
set firewall group network-group MGMT_IN network [my-prefix]
Hi, I changed the config slightly, therefore I amended the commands accordingly.
The router has three interfaces, and eth1,2 are in bond 1.
csadmin@edge1-thn:~$ show configuration commands | match MGNT_IN
set firewall name MGNT_IN default-action 'drop'
set firewall name MGNT_IN rule 2 action 'drop'
set firewall name MGNT_IN rule 2 destination port '22,22222'
set firewall name MGNT_IN rule 2 protocol 'tcp'
set firewall name MGNT_IN rule 2 recent count '3'
set firewall name MGNT_IN rule 2 recent time '300'
set firewall name MGNT_IN rule 2 state new 'enable'
set firewall name MGNT_IN rule 100 action 'accept'
set firewall name MGNT_IN rule 100 state established 'enable'
set firewall name MGNT_IN rule 100 state related 'enable'
set firewall name MGNT_IN rule 101 action 'accept'
set firewall name MGNT_IN rule 101 destination port '22222'
set firewall name MGNT_IN rule 101 protocol 'tcp'
set firewall name MGNT_IN rule 101 source group network-group 'MGMT_IN'
set firewall name MGNT_IN rule 201 action 'accept'
set firewall name MGNT_IN rule 201 destination port '161'
set firewall name MGNT_IN rule 201 protocol 'udp'
set firewall name MGNT_IN rule 201 source group network-group 'MGMT_IN'
set firewall name MGNT_IN rule 301 action 'accept'
set firewall name MGNT_IN rule 301 destination port '179'
set firewall name MGNT_IN rule 301 protocol 'tcp'
set firewall name MGNT_IN rule 301 source group network-group 'BGP_IN'
set firewall name MGNT_IN rule 401 action 'accept'
set firewall name MGNT_IN rule 401 protocol 'ospf'
set firewall name MGNT_IN rule 401 source group network-group 'CSG_IN'
set firewall name MGNT_IN rule 501 action 'accept'
set firewall name MGNT_IN rule 501 protocol 'icmp'
set firewall name MGNT_IN rule 501 source address '0.0.0.0/0'
set interfaces bonding bond1 firewall local name 'MGNT_IN'
set interfaces ethernet eth0 firewall local name 'MGNT_IN'
set interfaces ethernet eth4 firewall local name 'MGNT_IN'
set interfaces ethernet eth5 firewall local name 'MGNT_IN'
csadmin@edge1-thn:~$ sh firewall name MGNT_IN statistics
Rulesets Information
IPv4 Firewall "MGNT_IN":
Active on (bond1,LOCAL) (eth0,LOCAL) (eth4,LOCAL) (eth5,LOCAL)
If you dump traffic, you will see that unique IP addresses aren’t repeated within 5 minutes.
set firewall name MGNT_IN default-action 'drop'
set firewall name MGNT_IN rule 2 recent count '3'
set firewall name MGNT_IN rule 2 recent time '300'
That rule only drops packets if someone is trying to connect to SSH more than 3 times in the last 5 minutes.
If you want to allow SSH only for whitelisted IPs, you need to declare them first and drop all other traffic destined to port 22.
For example:
set firewall group address-group ALLOW-SSH address '203.0.113.1-203.0.113.20'
set firewall name MGMT-IN default-action 'drop'
set firewall name MGMT-IN rule 10 action 'accept'
set firewall name MGMT-IN rule 10 state established 'enable'
set firewall name MGMT-IN rule 10 state related 'enable'
set firewall name MGMT-IN rule 20 action 'accept'
set firewall name MGMT-IN rule 20 icmp type-name 'echo-request'
set firewall name MGMT-IN rule 20 protocol 'icmp'
set firewall name MGMT-IN rule 20 state new 'enable'
set firewall name MGMT-IN rule 30 action 'accept'
set firewall name MGMT-IN rule 30 icmp type-name 'fragmentation-needed'
set firewall name MGMT-IN rule 30 protocol 'icmp'
set firewall name MGMT-IN rule 30 state new 'enable'
set firewall name MGMT-IN rule 40 action 'accept'
set firewall name MGMT-IN rule 40 destination port '22,222'
set firewall name MGMT-IN rule 40 protocol 'tcp'
set firewall name MGMT-IN rule 40 source group address-group 'ALLOW-SSH'
set firewall name MGMT-IN rule 50 action 'drop'
set firewall name MGMT-IN rule 50 destination port '22,2222'
set firewall name MGMT-IN rule 50 log 'enable'
set firewall name MGMT-IN rule 50 protocol 'tcp'
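
Added example, not part of any post in this thread: a simplified Python model of the two approaches discussed above, run over constructed connection attempts to port 22. It assumes the `recent` rule drops a source once it has made more than 3 new connections within 300 seconds (as described in the reply) and that anything it does not drop reaches sshd; the function names and sample addresses are hypothetical.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

COUNT, WINDOW = 3, 300  # "recent count 3" / "recent time 300" from the thread
# ALLOW-SSH address range from the example ruleset
ALLOW_LO, ALLOW_HI = ip_address("203.0.113.1"), ip_address("203.0.113.20")

def rate_limit_only(events):
    """Model of the recent rule alone: drop a source's new SSH connection once
    it has made more than COUNT attempts within WINDOW seconds (assumption:
    everything the rule does not drop reaches sshd)."""
    seen = defaultdict(deque)  # source -> timestamps of its recent attempts
    verdicts = []
    for ts, src in events:
        q = seen[src]
        while q and ts - q[0] > WINDOW:
            q.popleft()
        q.append(ts)  # dropped attempts still count, so a noisy source stays blocked
        verdicts.append("drop" if len(q) > COUNT else "accept")
    return verdicts

def allow_list(events):
    """Model of rules 40/50: accept SSH only from ALLOW-SSH, drop the rest."""
    return ["accept" if ALLOW_LO <= ip_address(src) <= ALLOW_HI else "drop"
            for _, src in events]

def accepted_by_kind(events, kinds, ruleset):
    """Count accepted attempts per traffic kind under the given ruleset."""
    totals = defaultdict(int)
    for kind, verdict in zip(kinds, ruleset(events)):
        totals[kind] += verdict == "accept"
    return dict(totals)

def sample_traffic():
    """Constructed sample: (timestamp, source) of new TCP connections to port 22."""
    rows = [(i * 10, f"198.51.100.{i + 1}", "distributed") for i in range(50)]
    rows += [(i * 10 + 5, "192.0.2.9", "single") for i in range(6)]
    rows.append((30, "203.0.113.5", "admin"))
    rows.sort()
    return [(ts, src) for ts, src, _ in rows], [kind for *_, kind in rows]

if __name__ == "__main__":
    ev, kinds = sample_traffic()
    print("rate limit only:", accepted_by_kind(ev, kinds, rate_limit_only))
    print("allow list:     ", accepted_by_kind(ev, kinds, allow_list))
```

In this model the rate-limit rule stops only the single noisy source after its third attempt, while every attempt from the 50 unique addresses still reaches the authentication prompt; the allow list accepts the admin address only.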