jggimi, 10th July 2019

Your auth.rules file should include a pass that allows ssh traffic through your internal interface. Such as:
Code:
allowed_tcp_ports="{ ssh, https, rdp }"

pass proto tcp from $user_ip to any port $allowed_tcp_ports

Several notes:
  • Position of the anchor in the main ruleset is important. The last matching rule wins.
  • Be careful with in, out, and on directives. These restrictions often cause more confusion, and therefore more problems, than they solve. You'll note my example rule doesn't use them.
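
Added example, not part of jggimi's post: a main-ruleset sketch showing why the anchor's position matters under last-match evaluation. It assumes the anchor is authpf's usual `anchor "authpf/*"` and that the default policy is `block all`; the ssh pass to the firewall itself is also an assumption.

```pf
# /etc/pf.conf, constructed for illustration

# Ordering that defeats the anchor: the block rule is evaluated after the
# pass rule loaded from auth.rules and, being the last match, wins.
#
#   anchor "authpf/*"
#   block all

# Ordering that works: default deny first, anchor after it, so the
# per-user pass rule is the last match for traffic from $user_ip.
block all
pass proto tcp to self port ssh    # assumed: users must reach sshd to authenticate
anchor "authpf/*"                  # per-user auth.rules are evaluated at this point

# A matching "quick" rule placed above the anchor ends evaluation before
# the anchor is reached, so check for those as well.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -a "authpf/*" -sr` lists the rules currently loaded under the anchor.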