10th July 2019
calanon

Originally Posted by jggimi
You do not need to use separate /users/ authpf rule files, unless you need rules that are unique to each authenticating user. You can use $user_ip or $user_id in a single rules file, as each user who authenticates will have its set of rules defined under its own anchor point, located at the authpf/* anchor point you defined.
Is the address the address of the external interface? Your pass rule
pass in on $extif proto tcp to ($extif) port $allowed_tcp_ports
is the only TCP pass rule in effect, until you authenticate. This rule will pass TCP traffic inbound on the external interface from any IP address, with any source port number, as long as the destination address is an address assigned to that external interface, with a destination port number matching the port numbers for ssh, https, and rdp defined in /etc/services.
Yes, that is the external interface. So what rule would I need, once authenticated, to allow SSH to be passed through the internal interface so that I can SSH to other boxes in that DMZ?
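The single-rules-file approach jggimi describes, written out as an added example (this is not the thread's own ruleset and not an authpf project file). Interface names em0/em1, the DMZ range 10.0.1.0/24 and the per-user file contents are assumptions; $user_ip and the authpf/* anchor are the mechanisms the quoted post refers to, and the allowed_tcp_ports macro mirrors the pass rule quoted above.

```pf
# --- /etc/pf.conf (constructed example) ---
ext_if = "em0"              # assumed external interface (the $extif of the thread)
int_if = "em1"              # assumed internal, DMZ-facing interface
dmz_net = "10.0.1.0/24"     # assumed DMZ address range
allowed_tcp_ports = "{ ssh, https, rdp }"

# authpf adds each authenticated user's address here if the table exists,
# which gives a quick audit view: pfctl -t authpf_users -T show
table <authpf_users> persist

block all
pass out on $ext_if

# Only traffic to the gateway itself is passed before authentication.
# Nothing reaches the DMZ until authpf loads the user's anchor rules.
pass in on $ext_if proto tcp to ($ext_if) port $allowed_tcp_ports

# Per-user rules are loaded under authpf/<user>(<pid>) by authpf(8).
anchor "authpf/*"

# --- /etc/authpf/authpf.rules (constructed example, loaded into the anchor) ---
# Macros from pf.conf are not visible here; only $user_ip and $user_id are
# substituted by authpf, so the interface and DMZ macros are repeated.
ext_if = "em0"
int_if = "em1"
dmz_net = "10.0.1.0/24"

# Admit SSH only from the address that authenticated, and only to the DMZ.
pass in on $ext_if proto tcp from $user_ip to $dmz_net port ssh
pass out on $int_if proto tcp from $user_ip to $dmz_net port ssh
```

The gateway must also be forwarding (net.inet.ip.forwarding=1 in sysctl.conf) for the "pass out on $int_if" rule to ever see packets. Note that the anchor rules key on $user_ip alone: once a user authenticates, every host sharing that source address (for example behind NAT) gets the same DMZ access for as long as the authpf session stays open, so keeping the per-user rules as narrow as the example (one protocol, one destination range, one port) is the least-privilege choice.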