[BlueOnyx:26934] Re: Blocking SSH Access
Colin Jack
colin at mainline.co.uk
Sun Apr 21 07:17:53 -05 2024
Thanks Michael,
/etc/apf/glob_allow.rules isn't the right place to do this. That is a
rule-file that is downloaded from an external URL. See "Server
Management" / "Security" / "APF" and then in the "External
Resources"-tab expand "Own Remote Rules". There you could specify an URL
to a remote glob_allow.rules and glob_deny.rules file.
That is probably why it doesn’t work. 😊
If the feature "Own Remote Rules" isn't enabled (which it usually
isn't), then /etc/apf/glob_allow.rules is wiped clean on each APF
restart. So that's why your changes didn't stick.
The one you're really looking for is this:
/etc/apf/allow_hosts.rules
Which you can also edit via the GUI in APF's "Whitelist"-tab.
This is what I have always done in the past but in this case it doesn’t stick. Not sure why. This is the latest version of APF and Fail2ban. Will try again adding manually.
To close the SSH port (except for specifically whitelisted IPs) go to
APF's "Ports" tab and remove port 22 from the list of open TCP ports and
save the changes.
That should do it.
Thanks – I will try that.
Kind regards
Colin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20240421/64d5f4f6/attachment.html>
More information about the Blueonyx
mailing list