Your rule is right, just disable 'Advanced -> Misc -> Bypass firewall rules for traffic on the same interface' and it should work.
-Ron

On Tue, Jul 1, 2008 at 2:29 PM, Atkins, Dwane P <[EMAIL PROTECTED]> wrote:
> Proto  Source   Port  Destination  Port      Gateway  Schedule  Description
> TCP    *        *     LAN address  22 (SSH)  *                  No SSH from inside to Lan address
> TCP    *        *     WAN address  22 (SSH)  *                  Disallow SSH to Wan route
> *      LAN net  *     *            *         *                  Default LAN -> any
>
> -----Original Message-----
> From: Ron Blanchett [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 01, 2008 1:27 PM
> To: [email protected]
> Subject: Re: [pfSense Support] Disable SSH to the private side interface
>
> > Yes, rules read top to bottom.
> >
> > Please attach a copy of your rule as it is displayed on the Lan fw
> > tab. This will help in finding the problem with the rule.
> >
> > -Ron
> >
> > On Tue, Jul 1, 2008 at 2:20 PM, Atkins, Dwane P <[EMAIL PROTECTED]> wrote:
> >> Ron,
> >>
> >> Thanks for the quick answer.
> >>
> >> I have a LAN rule that I assumed stated deny tcp any Lan Interface eq
> >> ssh.
> >>
> >> If the DHCP address and the lan gateway are in the same subnet, it
> >> doesn't appear to work.
> >>
> >> Another question about Firewall Rules: do they read from top to
> >> bottom? I have put these denies above the permit ip any any statement
> >> in the Lan rules.
> >>
> >> Am I doing something wrong?
> >>
> >> Dwane
> >>
> >> -----Original Message-----
> >> From: Ron Blanchett [mailto:[EMAIL PROTECTED]
> >> Sent: Tuesday, July 01, 2008 1:17 PM
> >> To: [email protected]
> >> Subject: Re: [pfSense Support] Disable SSH to the private side interface
> >>
> >> Just add a reject or drop rule on the lan interface.
> >> Specify a source range and make the destination address your lan
> >> interface address and the port 22.
> >>
> >> Simple as that.
> >>
> >> -Ron
> >>
> >> On Tue, Jul 1, 2008 at 2:07 PM, Atkins, Dwane P <[EMAIL PROTECTED]> wrote:
> >>> Is there a way that I can disable SSH from my private side address to the
> >>> default gateway or in this case, the LAN address? Can I do it via a Linux
> >>> command?
> >>>
> >>> In other words, if my LAN interface is 10.6.5.8 and my DHCP (private side)
> >>> addresses are 10.6.5.10 - .100. I want to ensure that those addresses cannot
> >>> SSH into the private side address.
> >>>
> >>> Thank you
> >>>
> >>> Dwane Atkins
> >>>
> >>> 210-567-0158
> >>>
> >>> [EMAIL PROTECTED]
> >>
> >> --
> >> Ronald Reagan - "Recession is when a neighbour loses his job.
> >> Depression is when you lose yours."
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >
> > --
> > Steven Wright - "A lot of people are afraid of heights. Not me, I'm
> > afraid of widths."

--
Will Rogers - "I don't make jokes. I just watch the government and report the facts."
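
Added example, not part of the original thread and not pfSense code: a small model of top-to-bottom, first-match evaluation applied to the three LAN rules posted above. The rule actions (the posted table lost its action column), the /24 prefix, and the WAN address are assumptions, and the model covers only the ordered rule list, not the "Bypass firewall rules for traffic on the same interface" option.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_ADDR = ipaddress.ip_address("10.6.5.8")     # LAN interface address from the thread
LAN_NET = ipaddress.ip_network("10.6.5.0/24")   # assumption: the thread gives no prefix length
WAN_ADDR = ipaddress.ip_address("203.0.113.1")  # constructed placeholder, not from the thread

@dataclass(frozen=True)
class Rule:
    action: str                            # assumption: inferred from each rule's description
    proto: str                             # "tcp" or "*" for any
    src: Optional[ipaddress.IPv4Network]   # None means any source
    dst: Optional[ipaddress.IPv4Address]   # None means any destination
    dport: Optional[int]                   # None means any port
    descr: str

# The three LAN-tab rules, in the order they were posted.
RULES = [
    Rule("block", "tcp", None, LAN_ADDR, 22, "No SSH from inside to Lan address"),
    Rule("block", "tcp", None, WAN_ADDR, 22, "Disallow SSH to Wan route"),
    Rule("pass", "*", LAN_NET, None, None, "Default LAN -> any"),
]

def evaluate(rules, proto, src, dst, dport):
    """Return (action, description) of the first rule matching the packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.proto not in ("*", proto):
            continue
        if rule.src is not None and src_ip not in rule.src:
            continue
        if rule.dst is not None and dst_ip != rule.dst:
            continue
        if rule.dport is not None and dport != rule.dport:
            continue
        return rule.action, rule.descr       # first match wins, later rules are never read
    return "block", "implicit default deny"  # nothing matched on this interface

if __name__ == "__main__":
    # Constructed sample packets from a DHCP client at 10.6.5.10.
    for pkt in [("tcp", "10.6.5.10", "10.6.5.8", 22),
                ("tcp", "10.6.5.10", "10.6.5.8", 443),
                ("tcp", "10.6.5.10", "198.51.100.7", 22)]:
        print(pkt, "->", evaluate(RULES, *pkt))
    # Same rules with the pass rule on top: the SSH block is never reached.
    print(evaluate(list(reversed(RULES)), "tcp", "10.6.5.10", "10.6.5.8", 22))
```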
