22nd July 2019
calanon

Originally Posted by jggimi
Your auth.rules file should include a pass that allows ssh traffic through your internal interface. Such as:
allowed_tcp_ports="{ ssh, https, rdp }"

pass proto tcp from $user_ip to any port $allowed_tcp_ports
Several notes:
  • Position of the anchor in the main ruleset is important. The last matching rule wins.
  • Be careful with in, out, and on directives. These restrictions often cause more confusion, and therefore more problems, than they solve. You'll note my example rule doesn't use them.
I assume that you mean place the anchor at the end?
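
As an added illustration (not part of either post and not pf's own code), this Python sketch models the evaluation order the quoted notes refer to: the last matching rule wins unless a rule is marked quick, and an anchor's rules are evaluated at the point where the anchor appears in the main ruleset. The `Rule` class, the `ANCHOR` marker, the port numbers and the three sample rulesets are constructed for this example; direction, interface, address and state matching are left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    port: Optional[int] = None  # None matches any port
    quick: bool = False         # a matching quick rule ends evaluation

ANCHOR = "anchor"  # hypothetical marker for where the authpf anchor sits

def evaluate(main, anchor_rules, port):
    """Verdict for a TCP port: last matching rule wins, unless quick."""
    verdict = "pass"  # pf passes traffic that matches no rule at all
    for item in main:
        # At the anchor's position, the per-user rules are walked in order.
        rules = anchor_rules if item == ANCHOR else [item]
        for rule in rules:
            if rule.port is None or rule.port == port:
                verdict = rule.action
                if rule.quick:
                    return verdict
    return verdict

# Constructed stand-in for the quoted rule: pass on ssh, https, rdp.
AUTH_RULES = [Rule("pass", p) for p in (22, 443, 3389)]

# Three constructed main rulesets that differ only in anchor placement.
ANCHOR_BEFORE_BLOCK = [ANCHOR, Rule("block")]
ANCHOR_AFTER_BLOCK = [Rule("block"), ANCHOR]
QUICK_BLOCK_FIRST = [Rule("block", quick=True), ANCHOR]

def verdicts(port):
    """Verdict for one port under each placement, keyed by ruleset name."""
    return {
        "anchor_before_block": evaluate(ANCHOR_BEFORE_BLOCK, AUTH_RULES, port),
        "anchor_after_block": evaluate(ANCHOR_AFTER_BLOCK, AUTH_RULES, port),
        "quick_block_first": evaluate(QUICK_BLOCK_FIRST, AUTH_RULES, port),
    }

if __name__ == "__main__":
    for port in (22, 80):
        print(port, verdicts(port))
```

In this model the anchor's pass only survives when no later non-anchor rule matches the same traffic and no earlier quick rule has already ended evaluation.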