[pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Atkins, Dwane P
Is there a way that I can disable SSH from my private side address to the default gateway or in this case, the LAN address? Can I do it via a Linux command? In other words, if my LAN interface is 10.6.5.8 and my DHCP (private side) addresses are 10.6.5.10 - .100, I want to ensure that those ad

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Ron Blanchett
Just add a reject or drop rule on the lan interface. Specify a source range and make the destination address your lan interface address and the port 22. Simple as that. -Ron On Tue, Jul 1, 2008 at 2:07 PM, Atkins, Dwane P <[EMAIL PROTECTED]> wrote: > Is there a way that I can disable SSH from m

RE: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Atkins, Dwane P
e put these denies above the permit ip any any statement in the Lan rules. Am I doing something wrong? Dwane -Original Message- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:17 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the pr

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread RB
> If the DHCP address and the lan gateway are in the same subnet, it > doesn't appear to work. Because it's not that simple, pfSense has an anti-lockout rule by default. To disable, check: Advanced -> Misc -> "webGUI anti-lockout" > Another question about Firewall Rules are do they read for top

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Ron Blanchett
ve put these denies above the permit ip any any statement > in the Lan rules. > > Am I doing something wrong? > > Dwane > > -Original Message- > From: Ron Blanchett [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2008 1:17 PM > To: support@pfsense.com > Subject

RE: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Atkins, Dwane P
172.31.180.2/?if=lan&act=toggle&id=13> * LAN net * * * * Default LAN -> any -Original Message- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:27 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interfa

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Ron Blanchett
I think we would be looking more for Advanced -> Misc -> Bypass firewall rules for traffic on the same interface. It should be disabled in this case since he is looking to create rules that apply to the LAN interface and not the GUI. -Ron On Tue, Jul 1, 2008 at 2:26 PM, RB <[EMAIL PROTECTED]> wr

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Ron Blanchett
> 22 (SSH) > > * > > > > Disallow SSH to Wan route > > * > > LAN net > > * > > * > > * > > * > > > > Default LAN -> any > > > > > > > > -Original Message- > From: Ron Blanchett [mailto:[EMAIL PROTE

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread RB
> I think we would be looking more for > Advanced -> Misc -> Bypass firewall rules for traffic on the same interface. I am far from a pf wizard, but the following is the rule created without that checkbox: pass in quick on fxp0 inet from any to 192.168.1.1 keep state label "anti-lockout web rule"

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Chris Buechler
Ron Blanchett wrote: I think we would be looking more for Advanced -> Misc -> Bypass firewall rules for traffic on the same interface. No, that's for use with static routes because the asymmetric routing you tend to end up with in those situations breaks stateful filtering. Disabling t

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Ron Blanchett
I stand twice corrected, thank you for correcting my misunderstanding of this option. On Tue, Jul 1, 2008 at 3:00 PM, Chris Buechler <[EMAIL PROTECTED]> wrote: > Ron Blanchett wrote: >> >> I think we would be looking more for >> Advanced -> Misc -> Bypass firewall rules for traffic on the same >>

RE: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Atkins, Dwane P
: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface I stand twice corrected, thank you for correcting my misunderstanding of this option. On Tue, Jul 1, 2008 at 3:00 PM, Chris Buechler <[EMAIL PROTECTED]> wrote: > Ron Blanchett wrote: >> >>

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread Chris Buechler
Atkins, Dwane P wrote: My question to all would be that since the DHCP address range and the Lan interface are on the same subnet, would using rules to deny SSH do us any good? Yes. Would the layer 2 access allow connection to the interface and basically bypass the firewall rules or do rules

Re: [pfSense Support] Disable SSH to the private side interface

2008-07-01 Thread RB
> My question to all would be that since the DHCP address range and the > Lan interface are on the same subnet, would using rules to deny SSH do > us any good? Would the layer 2 access allow connection to the interface > and basically bypass the firewall rules or do rules get checked prior to > al

RE: [pfSense Support] Disable SSH to the private side interface

2008-07-02 Thread Atkins, Dwane P
Thanks to all for their help. This is what I will attempt to do. Dwane -Original Message- From: RB [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 4:02 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface > My question to all wo