Proto
Source Port Destination Port Gateway Schedule Description <http://172.31.180.2/firewall_rules_edit.php?if=lan&after=-1> <http://172.31.180.2/?if=lan&act=toggle&id=11> TCP * * LAN address 22 (SSH) * No SSH from inside to Lan address <http://172.31.180.2/firewall_rules_edit.php?id=11> <http://172.31.180.2/firewall_rules.php?act=del&if=lan&id=11> <http://172.31.180.2/firewall_rules_edit.php?dup=11> <http://172.31.180.2/?if=lan&act=toggle&id=12> TCP * * WAN address 22 (SSH) * Disallow SSH to Wan route <http://172.31.180.2/firewall_rules_edit.php?id=12> <http://172.31.180.2/firewall_rules.php?act=del&if=lan&id=12> <http://172.31.180.2/firewall_rules_edit.php?dup=12> <http://172.31.180.2/?if=lan&act=toggle&id=13> * LAN net * * * * Default LAN -> any -----Original Message----- From: Ron Blanchett [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:27 PM To: [email protected] Subject: Re: [pfSense Support] Disable SSH to the private side interface Yes rules reas top to bottom. Please attach a copy of your rule as it is displayed in on the Lan fw tab. this will help in finding the problem with the rule. -Ron On Tue, Jul 1, 2008 at 2:20 PM, Atkins, Dwane P <[EMAIL PROTECTED]> wrote: > Ron, > > Thanks for the quick answer. > > I have a LAN rule that I assumed stated deny tcp any Lan Interface eq > ssh. > > If the DHCP address and the lan gateway are in the same subnet, it > doesn't appear to work. > > Another question about Firewall Rules are do they read for top to > bottom? I have put these denies above the permit ip any any statement > in the Lan rules. > > Am I doing something wrong? > > Dwane > > -----Original Message----- > From: Ron Blanchett [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2008 1:17 PM > To: [email protected] > Subject: Re: [pfSense Support] Disable SSH to the private side interface > > Just add a reject or drop rule on the lan interface > Specify a source range and make the destination address your lan > interface address and the port 22. > > Simple as that. > > -Ron > > > On Tue, Jul 1, 2008 at 2:07 PM, Atkins, Dwane P <[EMAIL PROTECTED]> > wrote: >> Is there a way that I can disable SSH from my private side address to > the >> default gateway or in this case, the LAN address? Can I do it via a > Linux >> command? >> >> >> >> In other words, if my LAN interface is 10.6.5.8 and my DHCP (private > side) >> addresses are 10.6.5.10 - .100. I want to ensure that those addresses > cannot >> SSH into the private side address. >> >> >> >> Thank you >> >> >> >> Dwane Atkins >> >> 210-567-0158 >> >> [EMAIL PROTECTED] >> >> > > > > -- > Ronald Reagan - "Recession is when a neighbour loses his job. > Depression is when you lose yours." > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Steven Wright - "A lot of people are afraid of heights. Not me, I'm afraid of widths." --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
<<image001.gif>>
<<image002.gif>>
<<image003.gif>>
<<image004.gif>>
<<image005.gif>>
<<image006.gif>>
