Thanks Lonnie
Regards
Michael Knill
On 15/9/19, 11:38 pm, "Lonnie Abelbeck" wrote:
Hi Michael,
> I have never done any iptables rules so this will be a first.
This is a great way to learn; the INT_INPUT_CHAIN chain defaults to ACCEPT
anyway, so any changes will only be more restrictive. Always test your
changes; the CLI "arno-iptables-firewall restart" will show an error if
Thanks Lonnie
I have never done any iptables rules so this will be a first.
Regards
Michael Knill
> On 10 Sep 2019, at 8:32 am, Lonnie Abelbeck wrote:
Hi Michael,
OK, that is best done via custom rules in
"/mnt/kd/arno-iptables-firewall/custom-rules".
For this example WireGuard LAN->Local will drop all traffic except SSH.
-- /mnt/kd/arno-iptables-firewall/custom-rules --
# Put any custom (iptables) rules here down below:
#
Hi sorry Lonnie, I didn't explain it well enough.
I want to provide different access to Local from a physical LAN than the wg0
interface.
For instance I want to open TCP443, my SSH Port and possibly other ports from
the physical LAN but open my SSH Port only from wg0.
I could do it based on the
I don't understand what you are asking, but the default isolated wg0 interface
can be allowed to access physical LAN interfaces with:
_x_ Allow WireGuard VPN tunnel to the [ 1st ] LAN Interface(s)
And LANs can access Local by default.
Lonnie
> On Sep 8, 2019, at 10:57 PM, Michael Knill
Thanks Lonnie.
Just wondering how I could use Deny LAN->Local when I actually want to allow
onsite local LAN traffic to access the system admin interface?
I really need a Pass LAN->Local to do this!
Regards
Michael Knill
On 9/9/19, 1:11 pm, "Lonnie Abelbeck" wrote:
> On Sep 8, 2019, at 8:46 PM, Michael Knill
> wrote:
>
> Hi Group
>
> I am seeing lots of hacking attempts on my systems as they have found my
> non-standard SSH port. Although there is no issue as I have SSH Key access only,
> I'm sick of the long list of addresses in the Adaptive Ban li