I have several ports opened for various things. I'd like to lock some of the ports down by IP address.
I'm not seeing how to do this with the firewall/NAT interface. Can someone help me out with how that is done?
Ugh. Seriously, I tried this and it did not work. Now, you tell me to do it and it works.
Even without a (complete) export, set the Src. Address (or a list if you have multiple IP addresses) on your NAT rule.
This is good because as soon as you add a source address list, when one does a scan of their ports, the port does not appear at all.
Without the source address list if you scan your ports, the dst nat port is visible but closed. I prefer invisible LOL.
/ip firewall address-list
add address=15.16.17.18 comment="Test" list="Test-allow-list"
/ip firewall filter
# Variant 1: match the source against the address list
add action=accept chain=input comment="testing" \
    dst-port=12345 in-interface=Ether1 protocol=tcp \
    src-address-list="Test-allow-list"
# Variant 2: match a single source address directly
add action=accept chain=input comment="Testing" \
    dst-port=12345 in-interface=Ether1 protocol=tcp \
    src-address=15.16.17.18
Too cold....yes you should be crazy and should move up to Canada ;-)
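The advice above (set Src. Address or a source address list on the NAT rule itself), written out as an added example that is not from any poster in the thread. The internal target 192.168.88.10, the forwarded port and the interface name are assumptions; substitute your own. Packets from sources outside the list do not match the dst-nat rule, so they are not translated and are handled by the router's input chain instead.

```routeros
# Constructed example: addresses, port and interface name are placeholders.
/ip firewall address-list
add address=15.16.17.18 comment="Test" list="Test-allow-list"

/ip firewall nat
# Unrestricted form, shown for comparison only (commented out):
# forwards the port for every source address.
# add action=dst-nat chain=dstnat dst-port=12345 in-interface=Ether1 \
#     protocol=tcp to-addresses=192.168.88.10 to-ports=12345

# Restricted form: the forward only applies when the source is on the list.
add action=dst-nat chain=dstnat comment="forward only for allow-list" \
    dst-port=12345 in-interface=Ether1 protocol=tcp \
    src-address-list="Test-allow-list" \
    to-addresses=192.168.88.10 to-ports=12345

# Check: the rule's packet counter should rise only for listed sources.
/ip firewall nat print stats
```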