Allow SSH only from internal LAN?
Asked by John Travell
I want to allow an incoming SSH connection from any address on my LAN EXCEPT my router. (I cannot control my router software, so I cannot be certain there are no undocumented vulnerabilities!)
In GUFW I have set a rule to allow SSH inbound in the Home profile, without a specified source IP, and left the Office and Public profiles at default, incoming reject.
(1) Will this expose me to risk if my router gets hacked?
(2) Would a second rule (placed first?) that rejects connections from my router IP address work to achieve this goal (1)?
While possibly implicit in the name, is there a clear statement anywhere that specifies exactly which IP address ranges (relative to the GUFW host) are covered by each profile?
John T.
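Added example, not part of the original question and not ufw's own code: ufw evaluates its rules in order and the first match wins, so the position of a router-specific deny relative to the SSH allow decides the outcome. The sketch below models that evaluation for a single active profile; the addresses (192.168.1.0/24, router at 192.168.1.1) and the `Rule`/`decide` names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    source: str   # CIDR; "0.0.0.0/0" means no source restriction
    port: int

# Constructed sample addressing (assumption, not taken from the post).
LAN = "192.168.1.0/24"
ROUTER = "192.168.1.1/32"
ANY = "0.0.0.0/0"

def decide(rules, src, port, default="reject"):
    """Return the action of the first rule matching src/port, else the default policy."""
    addr = ip_address(src)
    for rule in rules:
        if rule.port == port and addr in ip_network(rule.source):
            return rule.action
    return default

# Rule as described in the post: SSH allowed with no source IP given.
as_posted = [Rule("allow", ANY, 22)]

# Router denied first, then the LAN allowed. Equivalent ufw commands:
#   ufw deny  from 192.168.1.1    to any port 22 proto tcp
#   ufw allow from 192.168.1.0/24 to any port 22 proto tcp
deny_first = [Rule("deny", ROUTER, 22), Rule("allow", LAN, 22)]

# Same two rules in the opposite order: the broader allow matches first,
# so the router-specific deny is never reached.
allow_first = [Rule("allow", LAN, 22), Rule("deny", ROUTER, 22)]

def report():
    """Evaluate each rule set against three constructed source addresses."""
    sources = {"router": "192.168.1.1", "lan_host": "192.168.1.50", "outside": "203.0.113.7"}
    sets = {"as_posted": as_posted, "deny_first": deny_first, "allow_first": allow_first}
    return {name: {label: decide(rules, ip, 22) for label, ip in sources.items()}
            for name, rules in sets.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:12} {result}")
```

On a live host, `ufw status numbered` shows the order in which the rules are actually applied.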
Question information
- Language: English
- Status: Expired
- For: Ubuntu ufw
- Assignee: No assignee