Murus, firewall, and screensharing

howardm
Posts: 9
Joined: Sat Apr 04, 2015 6:43 pm

Murus, firewall, and screensharing

Post by howardm » Fri Feb 26, 2016 11:16 pm

Hi Hany,

I plan to create a whitelist (block everyone else) just for myself for screensharing to my server. I'll specify an I.P. range to cover myself from home and work. I haven't configured Murus to use the Boot Scripts to restart on rebooting.

If I'm travelling, and want to screenshare from a different I.P. address [IPaddress], what's the most appropriate command to issue from the command line to accomplish this (I can ssh-in to do this) ?

I can then connect via screenshare, etc. After I'm done with that (usually brief) session, what should I do ?

If I can do this on a case-by-case basis without otherwise messing with: STOP, edit group, START again — that'll be nice!

Thanks.

Howard

howardm
Posts: 9
Joined: Sat Apr 04, 2015 6:43 pm

Re: Murus, firewall, and screensharing

Post by howardm » Sat Feb 27, 2016 6:56 am

Update: Let me take a stab at this myself.

For VNC:

1. Create a new group in Groups Library called "allow_screensharing". Put my current I.P.(s) in it
2. Remove Everyone (current setting) by putting "allow_screensharing" in Allowed Groups.

When travelling, use the following command(s):

1. pfctl -t allow_screensharing -T add [current I.P. address]

[Screenshare]

2. pfctl -t allow_screensharing -T delete [current I.P. address]

.......

Done.

Does that seem right ?

Thanks.

Howard

howardm
Posts: 9
Joined: Sat Apr 04, 2015 6:43 pm

Re: Murus, firewall, and screensharing

Post by howardm » Mon Feb 29, 2016 12:52 am

Follow-up:

I confirm that it works for me.


Howard

hany
Posts: 483
Joined: Wed Dec 10, 2014 5:20 pm

Re: Murus, firewall, and screensharing

Post by hany » Thu Mar 03, 2016 2:08 pm

Howard,
sorry for the late answer, yes this is the best way to do it. Of course the change is made in runtime PF tables, so Murus is unaware of that change in its configuration.
It would be nice to have a Murus shell front end to be able to modify Murus configuration and pf rules directly from the command line... :)
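
The add/delete sequence from this thread, wrapped so the temporary entry is always removed again, as an added example that is not part of any post above and is not a Murus tool. The function names `valid_ipv4`, `grant`, `revoke` and `session`, the IPv4-only check and the 900-second default are assumptions of this sketch; the table name and the `pfctl -t ... -T add/delete` calls are the ones from the thread.

```shell
#!/bin/sh
# Added example (not Murus code): time-boxed entry in the runtime PF table.
TABLE="allow_screensharing"   # table name as used in the thread

# Accept one dotted-quad IPv4 host only (no CIDR, no hostname), so a typo
# cannot add a whole network to the allow-list.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

grant() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    pfctl -t "$TABLE" -T add "$1"
}

revoke() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    # Assumption: the allow rule keeps state, so this blocks new connections;
    # a screen-sharing session that is already open runs until it is closed.
    pfctl -t "$TABLE" -T delete "$1"
}

# Allow $1 for at most $2 seconds (default 900). The subshell's EXIT trap
# revokes on timeout and on INT/TERM/HUP, e.g. when the SSH session drops.
session() (
    ip=$1
    grant "$ip" || exit
    trap 'revoke "$ip"' EXIT
    trap 'exit 130' INT TERM HUP
    sleep "${2:-900}"
)

# Run as root on the server: sh thisfile.sh <ip> [seconds]
[ "$#" -eq 0 ] || session "$@"
```

As noted in the reply above, the entry lives only in the runtime PF table, so Murus' own configuration is unchanged by these calls.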
