Remote ssh attempts even though ssh is “LAN only”

[ColinTaylor]

The simplest solution would surely be to stop dropbear listening on all interfaces?

Not really. Yes that would stop the dropbear case, but dropbear is already pretty secure. What it wouldn't stop is all the other services that are also listening on all interfaces. Some of those have little or no security at all.

So the real solution IMO is to find out why the firewall rules are disappearing or being corrupted after a WAN outage and fix it.

 

[table45]

I fixed the problem by returning the router… The issue is not happening on the replacement rt-be86u.

 

[original-birdman]

Not really. Yes that would stop the dropbear case, but dropbear is already pretty secure.

The thread was specifically about "ssh attempts" - so dropbear.

...
So the real solution IMO is to find out why the firewall rules are disappearing or being corrupted after a WAN outage and fix it.

Fair enough.
FWIW, I did see these had occurred (i.e. in the log) shortly before my router stopped accepting valid incoming calls.
This happened twice.
Both while I was away in Australia, and both fixed by getting my wife to reboot the router.

I thought I'd saved the syslogs somewhere, but currently can't find them.