KPF 2.1.5: Catch-all rule complicates having firewall ask about incoming ssh

I would like KPF to ask whether to allow incoming TCP connections to port 22. Creating a rule only lets the user choose whether to permit or deny the connection, not whether to prompt for permission or denial. I thought that I could delete the rule altogether, in which case the user is prompted to permit or deny the incoming ssh. However, the last rule of the firewall is a catch-all rule that denies any connections not covered by any other rules. This prevents KPF from prompting for incoming TCP connections to port 22. Is there a way to have KPF prompt for incoming connections to port 22, yet still maintain the catch-all rule?

Thanks.

Dubious Dude

The short answer is no.

The catch-all is meant to be put into place after you have tuned the firewall for all the inbound connections you plan on accepting. That way it will not keep prompting you when new ports are attempted but simply deny them.

If you actually want someone to be able to connect to your port 22 it makes more sense to simply allow it in your rules. You could even restrict the IP addresses allowed to connect. Finally, ensure your ssh application is fully patched and hardened so only authorized parties can get through.

Cheers,

Systemguy
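
The rule ordering discussed in this answer, as an added example that is not part of the original thread and is not KPF code. It assumes a simplified first-match model in which a connection matching no rule triggers a prompt; the rule format, names and address ranges are constructed for illustration.

```python
import ipaddress

# Simplified first-match model of an ordered rule list (an assumption for
# illustration; this is not KPF's rule engine or its configuration format).
ASK = "ask"  # no rule matched, so the firewall would prompt the user


def evaluate(rules, src_ip, dst_port, proto="tcp"):
    """Return the action of the first matching rule, or ASK if none match."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["proto"] not in (proto, "any"):
            continue
        if rule["port"] not in (dst_port, "any"):
            continue
        if src not in ipaddress.ip_network(rule["src"]):
            continue
        return rule["action"]
    return ASK


# Final rule: deny anything not covered by an earlier rule.
CATCH_ALL = {"proto": "any", "port": "any", "src": "0.0.0.0/0", "action": "deny"}
# Constructed sample range (RFC 5737 documentation addresses).
SSH_ALLOW = {"proto": "tcp", "port": 22, "src": "192.0.2.0/24", "action": "permit"}

no_catch_all = []                    # ssh rule deleted, no catch-all: user is prompted
catch_all_only = [CATCH_ALL]         # ssh rule deleted: catch-all denies, no prompt
tuned = [SSH_ALLOW, CATCH_ALL]       # restricted allow placed above the catch-all
misordered = [CATCH_ALL, SSH_ALLOW]  # allow rule is shadowed and never reached

if __name__ == "__main__":
    cases = [
        ("no catch-all, outside host", no_catch_all, "198.51.100.7"),
        ("catch-all only, outside host", catch_all_only, "198.51.100.7"),
        ("tuned, host in allowed range", tuned, "192.0.2.10"),
        ("tuned, outside host", tuned, "198.51.100.7"),
        ("misordered, host in allowed range", misordered, "192.0.2.10"),
    ]
    for label, rules, ip in cases:
        print(f"{label:36s} -> {evaluate(rules, ip, 22)}")
```
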


Thank you, Systemguy. I did in fact end up creating a rule for port 22 that allows connections from a certain address range. Hardening is something I have to read up on.

Dubious Dude
