DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd August 2016
azdps azdps is offline
Port Guard
 
Join Date: Apr 2014
Posts: 25
Default SSH LAN access only

I would like to enable ssh but only allow a specific LAN client to access the server. Below is my setup:

Code:
             internet
                |
                |
           cable modem
                |
                |
  ----  dynamic wan ip (em0) ----
 |                               |
 |          openbsd              |
 |                               |
  ----- 10.255.255.1 (em1) -----
                |
                |
       wireless access point
           10.255.255.2
                |
                |
       --------------------
      |                    |
      |                    |
 10.255.255.100     10.255.255.101
   desktop              netbook

I would like to allow 10.255.255.101 to access the ssh server. Obviously this is LAN access only so I don't want any possible access to the ssh server from the internet. Could someone assist with providing a suggestion on a pf rule or rules to help me accomplish this. The wireless access point isn't doing any packet filtering. Thank you.
Reply With Quote
  #2   (View Single Post)  
Old 3rd August 2016
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,975
Default

Here is a simple pair of PF rules which may work. The first rule is the general case, blocking all traffic to the inbound ssh port. It would not be necessary if you already have a default block rule in place. The second rule is the specific case, permitting traffic to pass.
Code:
block proto tcp from any to self port ssh
pass proto tcp from 10.255.255.101 to self port ssh
More information can be found in the PF User's Guide.
Reply With Quote
  #3   (View Single Post)  
Old 4th August 2016
azdps azdps is offline
Port Guard
 
Join Date: Apr 2014
Posts: 25
Default

Works good jggimi. Thank you.

.

Last edited by azdps; 4th August 2016 at 06:08 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Access log marciorufino01 OpenBSD Security 1 28th June 2016 07:32 PM
DVD access zazen OpenBSD General 11 4th June 2009 03:28 PM
ssh access carpman FreeBSD Security 8 19th February 2009 12:26 PM
pf allow ftp access ijk FreeBSD Security 9 25th August 2008 04:12 AM
CD Access in KDE Scott FreeBSD General 10 13th May 2008 05:48 AM


All times are GMT. The time now is 04:37 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick