sky-night, can you please answer my question above when you get a chance (post #17)? Thanks!
Sure!
Both the firewall and the packet filter work on the principle of "first rule matched wins". So your rules need to be ordered from most specific to least specific in order to work as expected.
So yes, the firewall and packet filter work exactly the same way; put your general blocks at the bottom of the list.
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
NexgenAppliances.com
Phone: 866-794-8879
Thanks for the confirmation. I have two rules set up for SSH (I only access SSH from one machine... mine). The first one is
Pass - Source Interface Internal - Destination Port 22 - Protocol TCP - Source IP x.x.x.x
2nd rule is
Block - Destination Port 22 - Protocol TCP
I should be good, yes?
I would be a bit more specific...
Pass
Source Interface Internal
Protocol TCP
Destination Port 22
Destination IP (internal UT IP)
Source IP x.x.x.x
And the block is
Block
Protocol TCP
Destination Port 22
Destination Local
If you don't put that "Destination Local" on the end, your second rule will prevent all SSH from traversing the Untangle! And your original allow rule allows all SSH from that internal IP, regardless of destination!
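To make the first-match behaviour and the "Destination Local" point concrete, here is a small rule evaluator written as an added example for this thread; it is not Untangle's own code and does not reproduce its rule engine. The addresses (192.168.1.1 as the appliance's internal IP, 192.168.1.50 as the admin workstation standing in for x.x.x.x, 192.168.1.77 as another LAN host, 203.0.113.10 as an internet host) and the assumption that an unmatched packet is passed by default are all constructed for the example. It evaluates the original loose rule pair and the tightened pair side by side, and also shows what happens when the block rule is placed above the allow rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Constructed addresses for the example (not taken from the thread).
UNTANGLE_LAN_IP = ip_address("192.168.1.1")   # the "internal UT IP"
ADMIN_PC = ip_address("192.168.1.50")         # stands in for "x.x.x.x"
OTHER_PC = ip_address("192.168.1.77")         # any other LAN machine
INTERNET_HOST = ip_address("203.0.113.10")    # a host beyond the appliance


@dataclass
class Packet:
    src_iface: str
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass
class Rule:
    action: str                        # "pass" or "block"
    src_iface: Optional[str] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_local: Optional[bool] = None   # True = destined for the appliance itself

    def matches(self, p: Packet) -> bool:
        # Every condition that is set must hold; an unset condition matches anything.
        return all([
            self.src_iface is None or self.src_iface == p.src_iface,
            self.proto is None or self.proto == p.proto,
            self.dst_port is None or self.dst_port == p.dst_port,
            self.src_ip is None or ip_address(self.src_ip) == ip_address(p.src_ip),
            self.dst_ip is None or ip_address(self.dst_ip) == ip_address(p.dst_ip),
            self.dst_local is None
            or self.dst_local == (ip_address(p.dst_ip) == UNTANGLE_LAN_IP),
        ])


def evaluate(rules: List[Rule], packet: Packet, default: str = "pass") -> str:
    """First matching rule wins; the assumed default applies if nothing matches."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


def loose_rules() -> List[Rule]:
    # The original pair from the question: allow from one IP, then block all TCP/22.
    return [
        Rule("pass", src_iface="internal", proto="tcp", dst_port=22, src_ip=str(ADMIN_PC)),
        Rule("block", proto="tcp", dst_port=22),
    ]


def tight_rules() -> List[Rule]:
    # The tightened pair: allow only to the appliance, block only what is aimed at it.
    return [
        Rule("pass", src_iface="internal", proto="tcp", dst_port=22,
             dst_ip=str(UNTANGLE_LAN_IP), src_ip=str(ADMIN_PC)),
        Rule("block", proto="tcp", dst_port=22, dst_local=True),
    ]


def ssh(src_ip, dst_ip) -> Packet:
    return Packet("internal", "tcp", str(src_ip), str(dst_ip), 22)


def compare() -> dict:
    """Return {case: (loose_result, tight_result)} for the four interesting flows."""
    cases = {
        "admin -> untangle": ssh(ADMIN_PC, UNTANGLE_LAN_IP),
        "admin -> internet": ssh(ADMIN_PC, INTERNET_HOST),
        "other -> untangle": ssh(OTHER_PC, UNTANGLE_LAN_IP),
        "other -> internet": ssh(OTHER_PC, INTERNET_HOST),
    }
    return {name: (evaluate(loose_rules(), p), evaluate(tight_rules(), p))
            for name, p in cases.items()}


def misordered_example() -> str:
    # Same tightened rules, but with the block placed above the allow: the admin
    # workstation's SSH to the appliance now hits the block first.
    return evaluate(list(reversed(tight_rules())), ssh(ADMIN_PC, UNTANGLE_LAN_IP))


if __name__ == "__main__":
    for name, (loose, tight) in compare().items():
        print(f"{name:20s} loose={loose:5s} tight={tight}")
    print("block-above-allow, admin -> untangle:", misordered_example())
```

The "other -> internet" case is the one the reply warns about: with the loose pair, every other LAN machine loses SSH through the appliance, while the tightened block only applies to traffic aimed at the appliance itself. The "admin -> internet" flow passes under both sets, but for different reasons: the loose allow rule matches it outright (all SSH from that IP, regardless of destination), whereas the tightened allow rule does not match and the flow simply falls through to the default.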
So if I have a pfsense box in front of the Untangle box, do I need to worry about doing much more than doing the following from the console? I have a VPN set up on the pfsense side so I'd still like to be able to access the Untangle box when I'm working remotely.
Code:
# enable the ssh service at boot
update-rc.d ssh defaults
# restart the ssh service now
/etc/init.d/ssh restart
Never heard of Defense-in-Depth, I see.
They should BOTH be filtering! The old suspenders AND belt action!