ssh access

Started by tdalej, January 06, 2025, 10:54:54 PM

It seems in the GUI the ability to enable SSH access is global and I don't see anything that is interface specific.
Is the WAN interface disabled for SSH access by default?



The WAN interface blocks all incoming connections by default by firewall rules, so services listening to all interfaces is not a security concern and is generally the recommended way to run e.g. SSH, Unbound, etc.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I don't disagree with Patrick, but [System -> Settings -> Administration -> Secure Shell -> Listen Interfaces] is a thing....

So:
WAN blocked by default
LANs have access by default

If I need to block access from some LANs, I need to create firewall rules.

Only the default LAN interface was given an allow any to any rule (IPv4 and IPv6).
If this is not appropriate, you can curtail this further.
Additional interfaces get no default rules, just the minimal automatically generated rules (up to DHCP).

You don't necessarily need to block anything if you didn't allow more than needed (and if you did, you can be more granular).