On Wed, 2015-08-19 at 08:45 -0400, Ted Byers wrote: > On Wed, Aug 19, 2015 at 4:38 AM, Jon Gerdes <[email protected]> wrote:
> > Finally, although it is good practice to scan your gear I trust you > > usually have a firewall rule that prohibits access to the web > > configurator console except from a few sources. Also the port you > > should have shuffled off to a non default. > > > Well, the port is shuffled off to something higher than 50000. > > I'd have preferred to have set this port to accept connections only > from my IP and that of my colleague, but while I have a fixed IP > address, he does not. > > > Cheers > > Jon Ted Perhaps your colleague needs a VPN then if they are unable to get a fixed IP address. OpenVPN is ideal for this and dead easy to set up. I understand it is a bit of an extra layer of faff but if you are going to the trouble of worrying about DH params on the SSL certificate then you clearly take security seriously. Controlling access to the web admin console (and ssh) is part of the basics ... Cheers Jon _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
