Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12
  1. 02-21-2012, 03:12 PM #11
    Danp
    Danp is offline
    Master Untangler
    Join Date
    Aug 2008
    Posts
    639

    Default

    Quote Originally Posted by sky-knight View Post
    Please make note that you will need a separate packet filter rule for each WAN interface on Untangle to block TCP 22. If you do not correctly block TCP 22 and you enable SSH, your box WILL get hacked. It isn't a matter of if, it's a matter of when.
    In my case, I have the following setup:

    • "Accept SSH traffic from all interfaces" option is unchecked
    • Packet filter that explicitly allows SSH traffic from the Internal interface

    I verified that I'm unable to connect via SSH from outside my network, so this appears to be the equivalent of what you described. Would you agree?
  2. 02-21-2012, 03:36 PM #12
    sky-knight
    sky-knight is online now
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    That I would argue is actually BETTER. It's what I'm going to start going on my future configurations.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
Page 2 of 2 FirstFirst 12
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


SEO by vBSEO 3.6.0 PL2