On 12/08/10 23:51, RB wrote:
> Pretty much any port you allow out (or even SSL websites) raw will
> have this problem and you'll never reach 100% closure. You can
> approximate 100% with application proxies that monitor for and cut off
> aberrant behavior, but they'll never be perfect.
indeed, b
On 08/12/2010 03:51 PM, RB wrote:
> On Thu, Aug 12, 2010 at 16:29, Cinaed Simson wrote:
>> Hi - suppose the office LAN has one open outbound port - say IMAP on
>> port 143.
>>
>> I go home and configure my Linux desktop to run a SSH server on port 143.
>>
>> Now I return to the office and attempt
On Thu, Aug 12, 2010 at 8:13 PM, Cinaed Simson wrote:
> On 08/12/2010 03:44 PM, Tim Dickson wrote:
>>> I don't know the IP addresses of the SSH servers on the Internet.
>>
>> Then only allow to the SSH servers you know/want? You can go either way...
>> block all and allow only certain IPs
>> Or
Then you need a deny rule on your LAN interface that says 'DENY SOURCE LANNET
DEST PORT 22'.
> -Original Message-
> From: Cinaed Simson [mailto:cinaed.sim...@gmail.com]
> Sent: Thursday, August 12, 2010 5:14 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Su
On 08/12/2010 03:44 PM, Tim Dickson wrote:
>> I don't know the IP addresses of the SSH servers on the Internet.
>
> Then only allow to the SSH servers you know/want? You can go either way...
> block all and allow only certain IPs
> Or allow all, and block certain IPs
> On 2.0 you can block by OS
On Thu, Aug 12, 2010 at 16:29, Cinaed Simson wrote:
> Hi - suppose the office LAN has one open outbound port - say IMAP on
> port 143.
>
> I go home and configure my Linux desktop to run a SSH server on port 143.
>
> Now I return to the office and attempt to connect to my machine at home
> via por
On Thu, Aug 12, 2010 at 4:44 PM, Tim Dickson
wrote:
> Then only allow to the SSH servers you know/want? You can go either way...
> block all and allow only certain IPs
> Or allow all, and block certain IPs
A whitelist will work if he knows the IPs that he wants to allow.
Otherwise, how does pf
> I don't know the IP addresses of the SSH servers on the Internet.
Then only allow to the SSH servers you know/want? You can go either way...
block all and allow only certain IPs
Or allow all, and block certain IPs
On 2.0 you can block by OS type too...
On 08/12/2010 03:35 PM, David Burgess wrote:
> On Thu, Aug 12, 2010 at 4:29 PM, Cinaed Simson
> wrote:
>> Hi - suppose the office LAN has one open outbound port - say IMAP on
>> port 143.
>>
>> I go home and configure my Linux desktop to run a SSH server on port 143.
>>
>> Now I return to the off
On Thu, Aug 12, 2010 at 4:29 PM, Cinaed Simson wrote:
> Hi - suppose the office LAN has one open outbound port - say IMAP on
> port 143.
>
> I go home and configure my Linux desktop to run a SSH server on port 143.
>
> Now I return to the office and attempt to connect to my machine at home
> via p
Hi - suppose the office LAN has one open outbound port - say IMAP on
port 143.
I go home and configure my Linux desktop to run a SSH server on port 143.
Now I return to the office and attempt to connect to my machine at home
via port 143.
Can pfsense be configured to stop the outbound SSH connec