On Thu, Aug 12, 2010 at 4:44 PM, Tim Dickson <[email protected]> wrote:
> Then only allow to the SSH servers you know/want? You can go either way... > block all and allow only certain IPs > Or allow all, and block certain IPs A whitelist will work if he knows the IPs that he wants to allow. Otherwise, how does pfsense know whether you're connecting to an imap server on port 143 or an ssh server on port 143? > On 2.0 you can block by OS type too... Source OS, but not destination. You could perhaps filter the ssh server as a source OS if you override the rule to allow established states, but does pfsense allow that? Not in the web UI for sure. db --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
