I’m following the examples here (Quick Start — VyOS 1.4.x (sagitta) documentation), but when I add the firewall SSH rate limit, I am blocked out completely.
Ruleset Name    Description    References
--------------  -------------  ------------
OUTSIDE-IN                     (eth0,in)
OUTSIDE-LOCAL                  (eth0,local)
name OUTSIDE-LOCAL {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action accept
        icmp {
            type-name echo-request
        }
        protocol icmp
        state {
            new enable
        }
    }
    rule 30 {
        action reject
        destination {
            port 22
        }
        log enable
        protocol tcp
        recent {
            count 4
            time 60
        }
        state {
            new enable
        }
    }
    rule 31 {
        action accept
        destination {
            port 22
        }
        protocol tcp
        state {
            new enable
        }
    }
}
If rule 30 is enabled, I am unable to SSH into VyOS. Confirmed by the log:
[OUTSIDE-LOCAL-30-R] IN=eth0 OUT= MAC=x SRC=192.168.1.222 DST=192.168.1.187 LEN=60 TOS=0x08 PREC=0x40 TTL=64 ID=5155 DF PROTO=TCP SPT=36298 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
I am using VyOS 1.4-rolling-202201230317.
Is there something I’m not understanding about recent?