Re: KPF 2.1.5: Catch-all rule complicates having firewall ask about incoming ssh
- From: Dubious Dude <Shifty@xxxxxxxx>
- Date: Tue, 17 Jul 2007 00:43:41 -0400
Systemguy wrote:
> "Dubious Dude" <Shifty@xxxxxxxx> wrote in message
> news:f7d63p$sb6$1@xxxxxxxxxxx
>> I would like KPF to ask whether to allow incoming TCP connections to port 22. Creating a rule only lets the user choose whether to permit or deny the connection, not whether to prompt for permission or denial. I thought that I could delete the rule altogether, in which case the user is prompted to permit or deny the incoming ssh. However, the last rule of the firewall is a catch-all rule that denies any connections not covered by any other rules. This prevents KPF from prompting for incoming TCP connections to port 22. Is there a way to have KPF prompt for incoming connections to port 22, yet still maintain the catch-all rule?
>>
>> Thanks.
>
> The short answer is no.
>
> The catch-all is meant to be put into place after you have tuned the firewall for all the inbound connections you plan on accepting. That way it will not keep prompting you when new ports are attempted but simply deny them.
>
> If you actually want someone to be able to connect to your port 22 it makes more sense to simply allow it in your rules. You could even restrict the IP addresses allowed to connect. Finally, ensure your ssh application is fully patched and hardened so only authorized parties can get through.

Thank you, Systemguy. I did in fact end up creating a rule for port 22 that allows connections from a certain address range. Hardening is something I have to read up on.
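
Added example, not part of the original thread and not KPF's own code: a small Python model of the rule behaviour discussed above, showing why a trailing catch-all deny suppresses the prompt and how a restricted port 22 rule placed before it behaves. The first-match evaluation, the Rule class, the decide function and the 192.0.2.0/24 range are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None       # None matches any local port
    remote: Optional[str] = None     # CIDR range; None matches any remote address

    def matches(self, protocol, port, remote_ip):
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.port is not None and self.port != port:
            return False
        if self.remote is not None:
            network = ipaddress.ip_network(self.remote)
            return ipaddress.ip_address(remote_ip) in network
        return True


def decide(rules, protocol, port, remote_ip):
    """Assumed model: the first matching rule wins; no match means a prompt."""
    for rule in rules:
        if rule.matches(protocol, port, remote_ip):
            return rule.action
    return "ask"


CATCH_ALL = Rule("deny")                                      # matches everything
SSH_FROM_RANGE = Rule("permit", "tcp", 22, "192.0.2.0/24")    # constructed range

# Rule sets corresponding to the situations in the thread.
NO_RULES = []                                 # nothing matches, so the user is asked
CATCH_ALL_ONLY = [CATCH_ALL]                  # ssh rule deleted, catch-all kept
RESTRICTED_SSH = [SSH_FROM_RANGE, CATCH_ALL]  # the setup the poster ended up with
MISORDERED = [CATCH_ALL, SSH_FROM_RANGE]      # catch-all first shadows the ssh rule

if __name__ == "__main__":
    for name, rules in [("no rules", NO_RULES), ("catch-all only", CATCH_ALL_ONLY),
                        ("restricted ssh", RESTRICTED_SSH), ("misordered", MISORDERED)]:
        for src in ("192.0.2.10", "203.0.113.5"):
            print(f"{name:15} tcp/22 from {src:12} -> {decide(rules, 'tcp', 22, src)}")
```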