From: Polytropon <freebsd@edvax.de>
To: Miha Smrekar
Cc: freebsd-questions@FreeBSD.org
Subject: Re: FreeBSD firewall configuration
Date: Fri, 7 Apr 2017 21:00:17 +0200
Message-Id: <20170407210017.0c2c2cbb.freebsd@edvax.de>

On Fri, 07 Apr 2017 08:47:04 +0000, Miha Smrekar wrote:
> I started using your system and I have come to firewall configuration. Can
> you tell me how to configure the firewall (pf) so that I will be able to
> connect with the computer through SSH on port 1024.

If I understand your question correctly, your computer (the target
computer for the SSH connection) will listen on port 1024 for SSH,
right?

In order to do this, you need to open that port in your pf.conf, e.g.:

	ext_if="xl0"
	pass in quick on $ext_if inet proto tcp from any to $ext_if port 1024 keep state

where xl0 is the network interface to connect to in my example.

Also make sure you set sshd's configuration to actually listen on
port 1024 instead of the standard one. ;-)

More information here:

https://www.freebsd.org/doc/handbook/firewalls-pf.html

Regarding SSH, read 29.3.3.5. for details. You'll find much better
suggestions for rules there, better than the basic rules I provided
above.

For a PF introduction, check these for examples:

http://srobb.net/pf.html
https://forums.freebsd.org/threads/40707/
http://daemon-notes.com/articles/network/pf

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
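The reply above makes two separate changes (a pf "pass in" rule for port 1024, and sshd listening on port 1024) that only work together. The script below is an added example, not part of the mailing-list post, that checks the two files agree: it extracts the port(s) sshd is configured to listen on and the TCP ports opened by "pass in" rules in pf.conf, and reports any sshd port that pf would not let through. The sample sshd_config and pf.conf contents are constructed here for the demonstration; the function and file names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): verify that every port sshd
# listens on is opened by a "pass in ... proto tcp ... port N" rule in pf.conf.

# Print the port(s) sshd listens on (one per line). "Port" may be given more
# than once; when it is absent, sshd uses 22. Commented-out lines ("#Port 22")
# do not match because $1 is "#Port".
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1" | sort -u
}

# Print the destination ports opened by "pass in" TCP rules in a pf.conf.
# Handles "port 1024" and the space-separated list form "port { 22, 1024 }".
pf_ssh_ports() {
    awk '/^[ \t]*pass[ \t]+in/ && /proto[ \t]+tcp/ {
        for (i = 1; i < NF; i++) {
            if ($i != "port") continue
            if ($(i+1) == "{") {
                for (j = i + 2; j <= NF && $j != "}"; j++) {
                    gsub(",", "", $j)
                    if ($j != "") print $j
                }
            } else {
                print $(i+1)
            }
        }
    }' "$1" | sort -u
}

# Return 0 when every sshd port has a matching pf rule, 1 otherwise.
# Usage: check_ssh_firewall /path/to/sshd_config /path/to/pf.conf
check_ssh_firewall() {
    sshd_conf=$1
    pf_conf=$2
    ports=$(sshd_ports "$sshd_conf")
    [ -n "$ports" ] || ports=22
    rc=0
    for p in $ports; do
        if pf_ssh_ports "$pf_conf" | grep -qx "$p"; then
            echo "ok: sshd port $p is opened by a pf pass-in rule"
        else
            echo "MISSING: sshd listens on $p but pf.conf has no 'pass in ... proto tcp ... port $p' rule" >&2
            rc=1
        fi
    done
    return $rc
}

# Demonstration on constructed files (the pf rule is the one from the reply).
demo_dir=$(mktemp -d)
printf 'Port 1024\n' > "$demo_dir/sshd_config"
printf 'ext_if="xl0"\npass in quick on $ext_if inet proto tcp from any to $ext_if port 1024 keep state\n' \
    > "$demo_dir/pf.conf"
check_ssh_firewall "$demo_dir/sshd_config" "$demo_dir/pf.conf"

# Same pf.conf, but sshd left on the default port: the mismatch is reported.
printf 'Port 22\n' > "$demo_dir/sshd_config"
if ! check_ssh_firewall "$demo_dir/sshd_config" "$demo_dir/pf.conf" 2>/dev/null; then
    echo "mismatch detected: sshd on 22, pf only passes 1024"
fi
rm -rf "$demo_dir"
```

The check is deliberately narrow: it reads only "Port" directives (a port given inside a "ListenAddress host:port" line is not parsed) and only "pass in" rules whose port is written inline, so a rule that uses a macro or a table for the port will be reported as missing and should be reviewed by hand. It does not replace "pfctl -nf /etc/pf.conf", which is still the way to confirm the rule set parses.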