Good morning everyone.
I present a case:
I have a server that requires remote desktop access, however I understand that it is a vulnerability, so my question is:
Is there a way to allow access through the firewall only to a certain group of mac addresses?
I currently use port forwarding by location and only allow those from my country, but it would be a safer measure to check that only certain mac addresses are allowed.
Is it possible with IPFire?
This isn’t possible. MAC addresses should be unique for all ethernet devices. But they are used for identification in local context only, between two ethernet endpoints.
Therefore all packets arriving at the red NIC have MAC address of the access device as sender address. Not the address of the original sender.
I understand, and you’re right about that. I had not thought that the mac is not from the original user.
On the other hand, what alternatives exist to limit the use of RDP? Before, I was constantly attacked by multiple countries, when I limited access to my region, the attacks stopped, but in case access is needed from Russia, for example, it is opening the doors to one of the countries that are the source of attacks.
Honestly I think you‘ll need to look into a vpn - be it ipsec or openvpn. First you‘ll establish the vpn tunnel and afterwards you are accessing the remote server via RDP. Then you can close the rdp port on the firewall as the only connection is from your vpn network.
I had wanted to avoid the vpn thing since it is a subject that I do not fully master, but I certainly think it will be the best.
It is easier than it looks. I‘d recommend the openvpn variant in ipfire. While I had both working (openvpn, ipsec) the former was easier to deploy on my apple devices.
With tailscale there is an even easier system - or so I‘ve heard. I‘d go that way to get your feet wet so to speak. That needs an account on tailscale.com and an installation on the machines you want connected. But it‘s hassle free and is far more secure than a forwarded port for rdp.