Restrict IP ranges for ssh

Status
Not open for further replies.

jucestain

Cadet
Joined
Apr 22, 2017
Messages
9
This may be tangentially related to my previous post, but I am trying to restrict the ranges of IPs which can connect to my NAS. I have set:

cat /etc/hosts.allow
...
sshd : 10.41.411. 129.69. 160.149. 128. : allow

To allow these ranges and it actually worked well. But, I recently rebooted my NAS after an update and the /etc/hosts.allow file got "refreshed". Is there an option in the GUI or a different way to allow this to persist through reboot? Also, I have already set up key based authentication but I still would like to restrict IP ranges.
 

Vito Reiter

Wise in the Ways of Science
Joined
Jan 18, 2017
Messages
232
Try Services > SSH > Options, then go into the Advanced Mode or Options at the bottom. Try to put your code into the extra options box and see if it works as expected. I'm not positive it will work, but it's worth a shot.
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
> This may be tangentially related to my previous post, but I am trying to restrict the ranges of IPs which can connect to my NAS. I have set:
>
> cat /etc/hosts.allow
> ...
> sshd : 10.41.411. 129.69. 160.149. 128. : allow
>
> To allow these ranges and it actually worked well. But, I recently rebooted my NAS after an update and the /etc/hosts.allow file got "refreshed". Is there an option in the GUI or a different way to allow this to persist through reboot? Also, I have already set up key based authentication but I still would like to restrict IP ranges.

You're tinkering with OS files on FreeNAS, which is officially verboten! :D

That said... you might have better luck with a postinit script that creates the /etc/hosts.allow file with the settings you want. I do something very similar to create a swap file and modify /etc/fstab at bootup:
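Code:
#!/bin/sh
# Postinit script: create a swap file if it is missing and register it in /etc/fstab.

logfile=/mnt/tank/sysadmin/logs/setup-swap.log
ourswapfile="/usr/swap0"

# Start a fresh log for this run
echo "$(date): $0 started" | tee "${logfile}"

if [ -f "${ourswapfile}" ]; then
  echo "Swap file ${ourswapfile} exists" | tee -a "${logfile}"
else
  # 8192 blocks of 1 MiB, readable and writable by the owner only
  dd if=/dev/zero of="${ourswapfile}" bs=1m count=8192
  chmod 0600 "${ourswapfile}"
  echo "Created swap file ${ourswapfile}" | tee -a "${logfile}"
fi

# Append the swap entry to /etc/fstab, then enable all swap devices (including "late" ones)
echo "md99 none swap sw,file=${ourswapfile},late 0 0" >> /etc/fstab
swapon -aL | tee -a "${logfile}"

# Record the resulting /etc/fstab in the log
echo "=== Contents of /etc/fstab ===" | tee -a "${logfile}"
tee -a "${logfile}" < /etc/fstab
echo "==============================" | tee -a "${logfile}"

echo "$(date): $0 completed" | tee -a "${logfile}"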

You might try something like this:
Code:
#!/bin/sh
echo "sshd : 10.41.411. 129.69. 160.149. 128. : allow" > /etc/hosts.allow

You may have to chmod the file appropriately... I dunno.

Good luck!
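
Added example, not part of any post in this thread: a postinit script along the lines suggested above that re-applies the sshd allow list on every boot without stacking duplicate lines, adds an explicit deny for everything else, and checks that the rules come first in the file. The range list is the one posted in the thread; the `--apply` argument, the marker comment, the function names and the 0644 mode are assumptions made for illustration, and the script assumes first-match-wins evaluation of the `: allow` / `: deny` syntax the thread's line already uses.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply an sshd allow list to
# hosts.allow at boot. Run as "script --apply" from postinit; without that
# argument only the functions are defined and nothing is written.

ALLOWED="10.41.411. 129.69. 160.149. 128."      # range list exactly as posted
MARK="# managed by postinit: sshd allow list"   # hypothetical marker comment

# Rewrite $1 (default /etc/hosts.allow) so that our sshd rules come first.
apply_sshd_rules() {
  target="${1:-/etc/hosts.allow}"
  tmp="$(mktemp "${target}.XXXXXX")" || return 1
  {
    echo "${MARK}"
    echo "sshd : ${ALLOWED} : allow"
    # Explicit deny: a client that matches no rule at all is otherwise let in.
    echo "sshd : ALL : deny"
    # Keep every other rule; drop our marker and old sshd-only rules so that
    # running this on each boot never stacks duplicates.
    if [ -f "${target}" ]; then
      grep -v -e "^${MARK}\$" -e '^[[:space:]]*sshd[[:space:]]*:' "${target}" || true
    fi
  } > "${tmp}"
  # 0644 is an assumption: world-readable, writable by root only.
  chmod 0644 "${tmp}" && mv "${tmp}" "${target}"
}

# Succeed only if the first two active rules are ours. The first matching
# rule wins, so an earlier catch-all allow would make the sshd lines dead.
check_sshd_rules() {
  target="${1:-/etc/hosts.allow}"
  active="$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "${target}" | head -n 2)"
  expected="sshd : ${ALLOWED} : allow
sshd : ALL : deny"
  [ "${active}" = "${expected}" ]
}

if [ "${1:-}" = "--apply" ]; then
  apply_sshd_rules /etc/hosts.allow && check_sshd_rules /etc/hosts.allow
fi
```

Calling `apply_sshd_rules` with the path of a scratch copy of the file shows the result before the real file is touched.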
 