Revision history

initial version

posted 2018-07-15 00:09:11 +0200

Security issue, all services exposed to mobile network!

Today I logged in on ssh and was really shocked as I saw there were 5700 attempts to log in! So I tried to check where it comes from and found out that there is no firewall against rmnet0. It seems like all services are exposed to the mobile network.
I'm not a network security specialist, but it looks like a real risk! Who really knows which app opens ports and is therefore attackable from the whole world? What makes it even worse, most users don't use strong passwords when they think they are secured by the router in their home WLAN.
And yes, there is no NAT. My provider gives me a public IP.

As iptables was installed, but not configured, I made the following changes and hope that helps for the basics:

iptables -P INPUT DROP
iptables -A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i wlan0 -p icmp -j ACCEPT

What is your opinion about that issue?

Security issue, all services exposed to mobile network!

Today I logged in on ssh and was really shocked as I saw there were 5700 attempts to log in! So I tried to check where it comes from and found out that there is no firewall against rmnet0. It seems like all services are exposed to the mobile network.
I'm not a network security specialist, but it looks like a real risk! Who really knows which app opens ports and is therefore attackable from the whole world? What makes it even worse, most users don't use strong passwords when they think they are secured by the router in their home WLAN.
And yes, there is no NAT. My provider gives me a public IP.

As iptables was installed, but not configured, I executed the following commands and hope that helps to restore basic security:

iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i wlan0 -p icmp -j ACCEPT
iptables -P INPUT DROP

What is your opinion about that issue?

Security issue, all services exposed to mobile network!

Today I logged in on ssh and was really shocked as I saw there were 5700 attempts to log in! So I tried to check where it comes from and found out that there is no firewall against rmnet0. It seems like all services are exposed to the mobile network.
I'm not a network security specialist, but it looks like a real risk! Who really knows which app opens ports and is therefore attackable from the whole world? What makes it even worse, most users don't use strong passwords when they think they are secured by the router in their home WLAN.
And yes, there is no NAT. My provider gives me a public IP.

As iptables was installed, but not configured, I executed the following commands and hope that helps to restore basic security:

iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i wlan0 -p icmp -j ACCEPT
iptables -P INPUT DROP

What is your opinion about that issue?

Edit: Making these rules permanent, even after reboot, works with /sbin/iptables-save > /etc/sysconfig/iptables
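
To check a saved ruleset for the exposure described in the post (new connections admitted from rmnet0), the following is an added example, not part of the original post, that audits iptables-save output. Both rule dumps are constructed samples, and the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (stdin) for the exposure in the post.
# Prints one finding per line; returns 0 only if INPUT defaults to DROP and no
# ACCEPT rule admits new connections from the mobile (rmnet*) interface.
audit_input_chain() {
    awk '
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && / -j ACCEPT/ {
        iface = ""; neg = 0
        for (i = 1; i < NF; i++)
            if ($i == "-i") { iface = $(i + 1); neg = ($(i - 1) == "!") }
        # Replies to connections the phone opened itself are expected.
        if ($0 ~ /--(ct)?state / && $0 !~ /NEW/) next
        # No -i match, or a negated one ("! -i wlan0"), also covers rmnet0.
        if (iface == "" || neg) { print "ANY-INTERFACE: " $0; bad = 1 }
        else if (iface ~ /^rmnet/) { print "OPEN-ON-MOBILE: " $0; bad = 1 }
    }
    END {
        if (policy != "DROP") { print "POLICY: INPUT default is not DROP"; bad = 1 }
        exit (bad + 0)
    }'
}

# Constructed sample: the final ruleset from the post, as iptables-save prints it.
hardened_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i wlan0 -p icmp -j ACCEPT
COMMIT
EOF
}

# Constructed sample: default ACCEPT policy with SSH allowed on every interface.
exposed_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

hardened_rules | audit_input_chain && echo "hardened sample: no findings"
exposed_rules | audit_input_chain || echo "exposed sample: findings listed above"
```

On a device, pipe the live table in with `iptables-save | audit_input_chain`. iptables filters IPv4 only, so the same check applies to ip6tables-save output.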