<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<ul>
<li>Is your Freedombox behind a home router? If yes, maybe it's
possible to use another external port forwarded to the usual
port 22 TCP for SSH?<br>
So for example, the router will forward people coming in on the
target external port 6666 to internal 22... and you will have
nothing to set up in Freedombox :)<br>
</li>
</ul>
<br>
<ul>
<li>I'm sure it's possible by using some command lines; you will
find them in the docs about "firewall" (or I'm wrong... I have not
tried it yet in my case!).<br>
<a class="moz-txt-link-freetext" href="https://wiki.debian.org/FreedomBox/Manual/Firewall">https://wiki.debian.org/FreedomBox/Manual/Firewall</a></li>
</ul>
[...]<br>
<p class="line874">To add a port to a zone:</p>
<pre>firewall-cmd --zone=internal --add-port=&lt;port&gt;/&lt;protocol&gt;
<span class="anchor" id="line-2-6"></span>firewall-cmd --permanent --zone=internal --add-port=&lt;port&gt;/&lt;protocol&gt;
</pre>
<p class="line874">Example: <span class="anchor" id="line-147"></span><span
class="anchor" id="line-148"></span><span class="anchor"
id="line-149"></span><span class="anchor" id="line-150"></span></p>
<pre><span class="anchor" id="line-1-15"></span>firewall-cmd --zone=internal --add-port=5353/udp</pre>
<pre><span class="anchor" id="line-2-7"></span>firewall-cmd --permanent --zone=internal --add-port=5353/udp</pre>
[...]
<p class="line874">I've never tried those commands, but I think you
can use them to remove the default port 22, and add your new port to
the external/internal zones to have it managed by the firewall service.<br>
Not sure if it will appear in the Plinth interface...<br>
<span class="anchor" id="line-141"></span><span class="anchor"
id="line-142"></span><span class="anchor" id="line-143"></span><span
class="anchor" id="line-144"></span></p>
<br>
<br>
<br>
<div class="moz-cite-prefix">Aaron Ferrucci :<br>
</div>
<blockquote
cite="mid:CALg=gdE8uvnNRxk+4CNSZ2nU8AvyniiVwkHz45kR0HsBsRCDew@mail.gmail.com"
type="cite">
<pre wrap="">Hi all,
I see thousands of ssh login attempts on my freedombox. I've disabled
password login, so I think I'm pretty secure, but the attacks are
wasting cycles and filling my log files.
I've configured sshd to use a non-standard port (security by
obscurity) - I think that would reduce or eliminate the attacks - but
I believe the firewall is now getting in the way. So my question: how
can I open up the firewall for tcp on my non-standard port number? Is
that via the plinth interface, or is it a command-line thing (either
is fine).
If someone can point me in the right direction, I'll add a paragraph
on this to the manual.
thanks,
-Aaron
_______________________________________________
Freedombox-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freedombox-discuss@lists.alioth.debian.org">Freedombox-discuss@lists.alioth.debian.org</a>
<a class="moz-txt-link-freetext" href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss">http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss</a>
</pre>
</blockquote>
<br>
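<p>Added example, not part of the original messages or the FreedomBox manual: a dry-run planner that prints the <code>firewall-cmd</code> sequence for moving SSH to a custom TCP port, opening the new port before closing the default one and refusing to close it unless sshd is configured for the new port. The function names, the sample sshd_config and the assumption that port 22 is opened through firewalld's <code>ssh</code> service in the external and internal zones are mine.</p>

```shell
#!/bin/sh
# Added example (not from the thread): print the firewalld commands for moving
# SSH to a custom port. Nothing is executed; review the output, then run as root.

# valid_port PORT: succeeds only for an integer 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# sshd_ports FILE: print each Port value set in an sshd_config-style file.
# Simplification: only the "Port N" form is parsed; "Port=N" and Include are not.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# plan_ssh_port PORT SSHD_CONFIG [ZONES]
# Assumption: port 22 is open through firewalld's "ssh" service in these zones.
plan_ssh_port() {
    port=$1 config=$2 zones=${3:-"external internal"}
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    # Open the new port first (runtime, then permanent) so access is never lost.
    for zone in $zones; do
        echo "firewall-cmd --zone=$zone --add-port=$port/tcp"
        echo "firewall-cmd --permanent --zone=$zone --add-port=$port/tcp"
    done
    # Close the default SSH service only once sshd really uses the new port.
    if ! sshd_ports "$config" | grep -qx "$port"; then
        echo "sshd is not configured for port $port; keeping service ssh" >&2
        return 2
    fi
    for zone in $zones; do
        echo "firewall-cmd --zone=$zone --remove-service=ssh"
        echo "firewall-cmd --permanent --zone=$zone --remove-service=ssh"
    done
}

# Demonstration on a constructed sshd_config; 6666 is the port used above.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 6666' 'PasswordAuthentication no' > "$sample"
plan_ssh_port 6666 "$sample"
rm -f "$sample"
```

<p>Keep the current SSH session open while applying the printed commands, and confirm a fresh login on the new port before closing it.</p>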
</body>
</html>