My rule to allow traffic only to and from the server does not work

I want all clients to be able to sync only with the server. No other traffic should be allowed. I tried to block all traffic except the synchronization service (Synology Drive).

accept
  dport 6690
  and ipprotocol tcp
  and ipdest 10.244.210.3/32
;

accept
  sport 6690
  and ipprotocol tcp
  and ipsrc 10.244.210.3/32
;

drop;

But I get

$ telnet 10.244.210.3 6690
Trying 10.244.210.3...
telnet: Unable to connect to remote host: No route to host

So how to do it?

Of course it works with the default settings

$ telnet 10.244.210.3 6690
Trying 10.244.210.3...
Connected to 10.244.210.3.
Escape character is '^]'

OK, adding this seems to solve the issue:

accept ethertype arp; 
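
Why the bare `drop;` produced "No route to host" and why the ARP rule fixes it, as an added example that is not part of the original posts: a simplified Python model that assumes the rules are checked in order against each Ethernet frame and the first match decides. The client address 10.244.210.7, the ephemeral port 50000 and the frame dictionaries are constructed for illustration.

```python
# Added illustration, not the product's implementation: a first-match model
# of the rule set from the posts above, applied to constructed frames.
ARP, IPV4 = 0x0806, 0x0800
SERVER = "10.244.210.3"
CLIENT = "10.244.210.7"  # constructed client address

def to_server(f):
    return (f.get("ipprotocol") == "tcp" and f.get("dport") == 6690
            and f.get("ipdest") == SERVER)

def from_server(f):
    return (f.get("ipprotocol") == "tcp" and f.get("sport") == 6690
            and f.get("ipsrc") == SERVER)

def is_arp(f):
    return f["ethertype"] == ARP

def match_all(f):
    return True  # a rule with no conditions, like the bare "drop;"

ORIGINAL = [("accept", to_server), ("accept", from_server), ("drop", match_all)]
FIXED = [("accept", is_arp)] + ORIGINAL

def evaluate(rules, frame):
    """Return the action of the first rule whose conditions match the frame."""
    for action, matches in rules:
        if matches(frame):
            return action
    return "drop"  # assumption: a frame that matches nothing is not delivered

def tcp(src, dst, sport, dport):
    return {"ethertype": IPV4, "ipprotocol": "tcp", "ipsrc": src,
            "ipdest": dst, "sport": sport, "dport": dport}

def connect(rules):
    """Replay, in order, the frames a client needs to open TCP 6690."""
    frames = [("arp request", {"ethertype": ARP}),
              ("arp reply", {"ethertype": ARP}),
              ("tcp syn", tcp(CLIENT, SERVER, 50000, 6690)),
              ("tcp syn-ack", tcp(SERVER, CLIENT, 6690, 50000))]
    for name, frame in frames:
        if evaluate(rules, frame) != "accept":
            return "blocked at " + name
    return "connected"

if __name__ == "__main__":
    print("original:", connect(ORIGINAL))
    print("fixed:   ", connect(FIXED))
```

In this model the ARP rule accepts ARP between any two members, so clients can still resolve each other's addresses even though their IP traffic is dropped.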
