Blocking SSH to server

Comments

5 comments

  • Ron Y

    I'm not looking to open a port for external access. I am looking to block all local SSH to the server. 

  • FirewallaSupportDesk

    It depends on your network topology. If the device and the server are in the same LAN, and they are behind a switch, the local flow will just go over the switch and won't traverse the Firewalla box; hence, Firewalla is not able to monitor such local flows. Local Network Flows

  • Bob O'Hara

    If it is possible with your wiring, it would be easiest to configure another port on the Firewalla to also carry the LAN. Then plug only your server into that Firewalla port. This ensures all the traffic to the server can be examined (and blocked) by the Firewalla.

  • Ron Y

    Thanks for the help. Makes sense that not all the traffic was being monitored, and that's what I was missing. I was hoping to centralize access control on the Firewalla device, but will now set up an ACL on my Omada switch to handle this.
