My question to all would be that since the DHCP address range and the Lan interface are on the same subnet, would using rules to deny SSH do us any good? Would the layer 2 access allow connection to the interface and basically bypass the firewall rules or do rules get checked prior to allowing access?
Does this make sense? If in fact the Lan Rule does not apply, is there a way that I can stop users from being able to ssh to the Lan or Wan interface? Thanks Dwane -----Original Message----- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 2:26 PM To: support@pfsense.com Subject: Re: [pfSense Support] Disable SSH to the private side interface I stand twice corrected, thank you for correcting my misunderstanding of this option. On Tue, Jul 1, 2008 at 3:00 PM, Chris Buechler <[EMAIL PROTECTED]> wrote: > Ron Blanchett wrote: >> >> I think we would be looking more for >> Advanced -> Misc -> Bypass firewall rules for traffic on the same >> interface. >> > > No, that's for use with static routes because of the asymmetric routing you > tend to end up with in those situations breaks stateful filtering. > > Disabling the anti-lockout rule is necessary to block access to the LAN IP > from internal networks. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Diogenes - "What I like to drink most is wine that belongs to others." --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
