Flow rules - Only allow tcp 22 & 5900 (SSH & VNC)

These are my flow rules which seem to work BUT the endpoints can see each other via local network. How to block network discovery?

#accept ethertype arp; # so nodes can find each other
# A packet has one destination port, so the two ports must be combined with "or", not "and"
accept ipprotocol tcp and dport 22 or dport 5900;
accept dport 22 or dport 5900; # same ports, any IP protocol
accept; # Accept what's left, returning SSH and VNC traffic

We have an example in the knowledge base for RDP that can probably be modified for SSH & VNC. See here
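For comparison, here is a rule set built the way the RDP knowledge-base example is structured, added here as an illustration and not taken from the thread or from ZeroTier's own documentation. It allows TCP 22 and 5900 only, in both directions, and ends with an explicit drop, so any other traffic between members (which is what makes them "see" each other) is discarded. ZeroTier rules are stateless, so the reply direction has to be matched separately by source port.

```text
# Allow only IPv4, IPv4 ARP and IPv6 frames; anything else is dropped first.
# ARP stays enabled so members can resolve each other's addresses,
# which means they still appear in neighbour tables, but no other protocol
# gets through below.
drop
	not ethertype ipv4
	and not ethertype arp
	and not ethertype ipv6
;

# SSH: client -> server, then the server's replies (matched by source port)
accept ipprotocol tcp and dport 22;
accept ipprotocol tcp and sport 22;

# VNC: same pattern for port 5900
accept ipprotocol tcp and dport 5900;
accept ipprotocol tcp and sport 5900;

# Everything that did not match above is dropped. Replacing the original
# trailing "accept;" with this line is what blocks the remaining traffic.
drop;
```

Each rule here uses only "and", so there is no reliance on how a mixed "and"/"or" chain is evaluated; if a port should also be reachable over UDP, add a separate rule for it rather than widening an existing one.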

