Date: Fri, 7 Apr 2017 21:00:17 +0200
From: Polytropon <freebsd@edvax.de>
To: Miha Smrekar <smrekar.miha@gmail.com>
Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD firewall configuration
Message-ID: <20170407210017.0c2c2cbb.freebsd@edvax.de>
In-Reply-To: <CAOVvEHXi2V89bF1iD-718v7V=thFfR4c-h1KDxoctoe207qwLQ@mail.gmail.com>
References: <CAOVvEHXi2V89bF1iD-718v7V=thFfR4c-h1KDxoctoe207qwLQ@mail.gmail.com>

On Fri, 07 Apr 2017 08:47:04 +0000, Miha Smrekar wrote:
> I started using your system and I have come to firewall configuration. Can
> you tell me how to configure firewall (pf) that I will be able to connect
> with the computer through SSH on port 1024.

If I understand your question correctly, your computer (the
target computer for the SSH connection) will listen on port
1024 for SSH, right?

In order to do this, you need to open that port in your
pf.conf, e. g.:

	ext_if="xl0"
	pass in quick on $ext_if inet proto tcp from any to $ext_if port 1024 keep state

where xl0 is the network interface to connect to in my example.
Also make sure you set sshd's configuration to actually listen
on port 1024 instead of the standard one. ;-)

More information here:

	https://www.freebsd.org/doc/handbook/firewalls-pf.html

Regarding SSH, read 29.3.3.5. for details. You'll find much
better suggestions for rules there, better than the basic
rules I provided above.

For PF introduction, check those for examples:

	http://srobb.net/pf.html

	https://forums.freebsd.org/threads/40707/

	http://daemon-notes.com/articles/network/pf

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
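
Added example, not part of the original message: a small /etc/pf.conf built around the rule above, with a default-deny inbound policy and per-source throttling on the SSH port. The interface xl0 and port 1024 come from the message; the macro ssh_port, the table name <ssh_abuse> and the connection limits are assumptions to adjust.

```conf
# /etc/pf.conf -- illustrative ruleset (added example, values are assumptions)

# Macros: interface and port taken from the message above.
ext_if   = "xl0"
ssh_port = "1024"

# Sources that exceed the SSH connection limits below land in this table.
table <ssh_abuse> persist

# Do not filter loopback traffic.
set skip on lo0

# Default policy: drop everything inbound, allow outbound with state.
block in all
pass out all keep state

# Drop sources already flagged for hammering the SSH port.
block in quick on $ext_if from <ssh_abuse>

# Allow SSH on the non-standard port.
# ($ext_if) in parentheses follows the interface address if it changes.
# Limits (assumed values): at most 10 concurrent connections per source,
# at most 5 new connections per 30 seconds; offenders are added to
# <ssh_abuse> and their existing states are flushed.
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port $ssh_port \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <ssh_abuse> flush global)

# sshd side, as the message notes: /etc/ssh/sshd_config needs
#   Port 1024
# or sshd keeps listening on 22, which this ruleset blocks.
```

Parse the file without loading it using `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`; when working over SSH, confirm sshd is already listening on port 1024 before loading a default-deny ruleset. `pfctl -t ssh_abuse -T show` lists the sources the overload rule has caught.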