Hi
Thanks, I wasn’t aware of sslh before now. It looks like it is designed for large scale complex applications and it looks like it would be good for that.
I am multiplexing ssh ports already using tunnels within tunnels with standard ssh commands. I have been using ssh tunnels to multiplex for about 13 years. OpenSSH also implements multiplexing commands but I haven’t tried it yet (Using SSH Multiplexing). I think OpenSSH multiplexing would work well for simple apps.
Hi Adolf
That edit provides really important information for anyone (like me) whose skill set is somewhere between a WUI user and a developer, and wants to lightly customize some features with the relevant user-editable config files.
I rummaged around the documentation pages to see where this info could fit. The Reference section https://wiki.ipfire.org/configuration/firewall includes some useful info for customisation with examples. All good.
I thought I could make a contribution to IPFire by adding key information from this thread to the documentation, including your edit. I clicked on the “Edit Page” link which took me to the page editor. There I saw the text surrounded by cryptic (to me) formatting symbols. As far as I can tell, there is no IPFire style guide or instructions on how to edit the documentation. I could spend time and effort figuring out what they all mean, but that is just another barrier to cross.
Out of all of this, there is one feature that I think should be added to the WUI. That is the option of blocking ssh root access from just the RED interface. My preference is to use the WUI but I suspect that many (most?) advanced users administer IPFire from the GREEN network and do not want or require ssh root access from RED. I have found some examples of how this can be done in the sshd_config file, but to test them, I need to set up a keyboard/monitor directly onto my IPFire computer to mitigate the risk of locking myself out from ssh network access.
The logical extension of this would be to also block access to the WUI from the RED network if not already done. I haven’t tried it.