Commit f5337fc7 authored by Torbjörn Lönnemark

CVE-2024-6387 ("regreSSHion"): Block ssh from outside lysator on system server

parent 75b31f1e
...@@ -41,6 +41,27 @@ class analysator::system::nat { ...@@ -41,6 +41,27 @@ class analysator::system::nat {
} }
} }
# CVE-2024-6387 ("regreSSHion")
# https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
firewall { '000 block ssh outside lysator (v4)':
chain => 'INPUT',
dport => '22',
source => '! 130.236.254.0/24',
proto => 'tcp',
action => 'reject',
}
# CVE-2024-6387 ("regreSSHion")
# https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
firewall { '000 block ssh outside lysator (v6)':
chain => 'INPUT',
dport => '22',
source => '! 2001:6b0:17:f0a0::/64',
proto => 'tcp',
action => 'reject',
provider => 'ip6tables',
}
firewall { '200 forward internal': firewall { '200 forward internal':
chain => 'FORWARD', chain => 'FORWARD',
iniface => $analysator::system::internal_iface, iniface => $analysator::system::internal_iface,
......
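Review bot: Both new rules in class analysator::system::nat match on source address only, so in the INPUT chain they also reject port 22 traffic from loopback and from anything arriving on $analysator::system::internal_iface whose address falls outside 130.236.254.0/24 or 2001:6b0:17:f0a0::/64. If hosts behind the NAT are meant to keep SSH access to this server, scope the rules to the external interface with iniface (or exempt the internal one). Since the 000 name prefix sorts them ahead of the other rules, also check that nothing later is expected to accept that traffic first. The two identical comment blocks could be one comment above both resources, and a line stating whether the block should stay once sshd is patched would help whoever revisits it.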