Scott Kuhn
Resolved
0 votes
First deployment of COS, so please forgive such an elementary question...but I'm coming from too many years of firewalls where you set address objects, then rules, etc. Anyway...am looking for input on limiting, for example, webconfig, to a specific external IP address. I think I get how to enter in Custom Firewall--but then do I do anything with the webconfig rule in the Incoming Firewall section for that port setting?
Tuesday, July 23 2019, 10:19 PM
Responses (1)
  • Accepted Answer

    Wednesday, July 24 2019, 07:46 AM - #Permalink
    Resolved
    0 votes
    If you add a custom rule, you do not have to do anything else in the webconfig. The sort of rule you want is:
    $IPTABLES -I INPUT -s your_permitted_IP_address -p tcp --dport 81 -j ACCEPT
    You should always check the rule at the command line first, but you have to use "iptables" there and not "$IPTABLES".

    If you make a bad mistake in the Custom rules you can put the firewall into a restart loop. At that point you need to edit /etc/clearos/firewall.d/custom and remove the errant rule.

    [edit]
    My preferred option is not to open the firewall to anything like webconfig or SSH, but to use OpenVPN instead. With that you can then connect to ClearOS as if you are connected to the LAN and it is much more secure. If you go down this route, it is best to avoid the subnets 192.168.0.0/24 and 192.168.1.0/24 on your LAN.
    [/edit]
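Added example, not part of the reply above and not ClearOS code: a small shell helper that refuses a malformed source address before it reaches the custom rules file, then prints the rule both as it goes in /etc/clearos/firewall.d/custom and as it is typed at the command line. The function names are hypothetical and 203.0.113.10 is a constructed documentation address.

```shell
#!/bin/sh
# Added example: vet a source address before writing the custom rule.
# Function names are hypothetical; 203.0.113.10 is a constructed address.

# Succeed only for dotted-quad IPv4 with an optional /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in
        ''|*[!0-9]*|???*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the line for /etc/clearos/firewall.d/custom (port 81 as in the reply).
webconfig_rule() {
    valid_source "$1" || { echo "rejected source: $1" >&2; return 1; }
    printf '%s\n' "\$IPTABLES -I INPUT -s $1 -p tcp --dport 81 -j ACCEPT"
}

# Same rule in the form to try at the command line first.
cli_form() {
    printf '%s\n' "$1" | sed 's/^\$IPTABLES /iptables /'
}

rule=$(webconfig_rule 203.0.113.10) &&
    printf 'custom file: %s\nby hand:     %s\n' "$rule" "$(cli_form "$rule")"
```

This only checks the address; the printed "by hand" line still has to be run at the command line before the other line goes into the custom file.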