Quote:
Originally Posted by sumpin
Any reason not to add:
-A wlan-in -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
to fw-base.txt (i.e., added-bbb-*.txt) to allow in-bound ssh over wifi?
Note: I've populated authorized_keys and added
PasswordAuthentication no
to /mnt/us/usbnet/etc/sshd_config so I'm pretty comfortable with it in my case. I'm happy to patch the file for myself each time I update it but thought I'd mention it. I find it much more convenient to ssh over wifi than ssh over usb. I don't want to lose this ability in order to gain BBB coverage.
The rule-set is in end-user writable space so they can get their mitts on it.
There will be a button that handles the firewall rules (inbound), the modules (as required), and starting a service (like sshd on one of the interfaces) - Some Day - RSN.
But if you want to diddle with the rule-set - - feel free.
I just ask that you don't change the linked-table structure I have set up.
That is required so, for example, the proper place to insert a newly allowed in-bound service is rule #1 of the interface input chain the service is to be allowed on.
You seem to follow the structure - wlan-in rule #1 is the place to put it - just like you did.
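
Added example, not part of either post and not the project's own code: a sketch of placing the ssh rule as rule #1 of wlan-in, and only when sshd is key-only as described in the quoted post. It assumes the rule-set file is in iptables-restore format; the function names and the sample rule-set are constructed for illustration and are not the real fw-base.txt.

```shell
#!/bin/sh
# Constructed sample rule-set (iptables-restore format); NOT the real fw-base.txt.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:wlan-in - [0:0]
-A INPUT -i wlan0 -j wlan-in
-A wlan-in -m state --state RELATED,ESTABLISHED -j ACCEPT
-A wlan-in -j DROP
COMMIT
EOF
}

# Succeed only if the first PasswordAuthentication setting in file $1 is "no".
# sshd uses the first value it reads; commented-out lines do not match.
# Simplification: Match blocks are not interpreted.
ssh_keys_only() {
    [ "$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")" = "no" ]
}

# Print the rule-set in file $3 with rule line $2 as rule #1 of chain $1.
# File order is rule order, so the line goes before the chain's first "-A".
# If the chain is declared but empty, it goes before that table's COMMIT.
insert_first_rule() {
    # Idempotent: leave the file unchanged if the exact rule is already there.
    if grep -qxF -e "$2" "$3"; then cat "$3"; return 0; fi
    awk -v chain="$1" -v rule="$2" '
        index($0, ":" chain " ") == 1 { decl = 1 }
        !ins && (index($0, "-A " chain " ") == 1 || (decl && $0 == "COMMIT")) {
            print rule; ins = 1
        }
        { print }
    ' "$3"
}

# $1 = sshd_config path, $2 = rule-set file. Refuses unless sshd is key-only.
allow_ssh_on_wlan() {
    ssh_keys_only "$1" || {
        echo "password logins still enabled; not opening port 22" >&2
        return 1
    }
    insert_first_rule wlan-in \
        "-A wlan-in -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT" "$2"
}
```

The functions write the modified rule-set to stdout, so the result can be reviewed before it replaces the file.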