Disable HTTPS and SSH on PPP1?

I am stumbling trying to disable HTTPS and SSH on the WAN side (PPP1).

I don’t want to turn off the service, as I want to access it on the eth side. The firewall is enabled on PPP1, but I am not sure how to block it.

Here is my fw.txt file:
#Allow outbound FTP traffic
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
#Allow any other outbound traffic and the replies back in
pass out break end inspect-state
#Allow incoming IPSEC
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=ikefloat
#Allow any traffic within an IPSEC tunnel in both directions
pass break end oneroute any
#Allow incoming SSH and SFTP
#pass in break end proto tcp from any to any port=ssh flags S!A inspect-state
#pass in break end proto tcp from any to any port=https flags S!A inspect-state
#Block HTTPS
block in break end proto tcp from any to any port=https flags S!A inspect-state
#Block and log everything else including incoming telnet, http and FTP
block log break end

Your rules look OK. You don’t need the second-last block, as the rules would match from the top down and the last rule is block everything.

If you are turning the firewall on and off on PPP 1, you sometimes need to bounce it (ppp 1 deact_rq) for the firewall to kick in.

To fault this, reset the firewall with the “fw” command and then use “type fwstat.hit”. Try to hit the SSH/HTTPS ports remotely and see which rules are being hit.

Nicholas Wilson
Your IoT
https://www.YourIoT.com.au
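
The top-down matching described in the reply can be checked offline with a small model of the posted fw.txt. This is an added example, not code from either poster or from the router vendor. It assumes a simplified rule model: only new connection attempts are evaluated (flags and inspect-state are ignored), the service names map to the ports shown, "proto ftp" is treated as TCP, and "oneroute" matches only traffic inside an IPsec tunnel.

```python
import re

# Assumed name-to-port mapping for the service names used in the posted rules.
PORTS = {"ssh": 22, "https": 443, "ike": 500, "ikefloat": 4500, "ftpcnt": 21}
PROTO_ALIAS = {"ftp": "tcp"}  # assumption: "proto ftp" is modelled as plain TCP

FW_TXT = """\
pass out break end proto ftp from any to any port=ftpcnt flags S!A inspect-state
pass out break end inspect-state
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=ikefloat
pass break end oneroute any
#pass in break end proto tcp from any to any port=ssh flags S!A inspect-state
#pass in break end proto tcp from any to any port=https flags S!A inspect-state
block in break end proto tcp from any to any port=https flags S!A inspect-state
block log break end
"""

def parse(text):
    """Turn active rule lines into dicts; '#' lines are comments and are skipped."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        proto = re.search(r"\bproto (\S+)", line)
        port = re.search(r"\bport=(\S+)", line)
        rules.append({
            "text": line,
            "action": tok[0],
            "dir": next((t for t in tok[1:] if t in ("in", "out")), None),
            "proto": PROTO_ALIAS.get(proto.group(1), proto.group(1)) if proto else None,
            "port": PORTS[port.group(1)] if port else None,
            "tunnel_only": "oneroute" in tok,  # assumption: IPsec tunnel traffic only
        })
    return rules

def first_match(rules, direction, proto, dport, in_tunnel=False):
    """Return (action, rule text) for a new connection; first matching rule decides."""
    for r in rules:
        if r["dir"] not in (None, direction) or r["proto"] not in (None, proto):
            continue
        if r["port"] not in (None, dport) or (r["tunnel_only"] and not in_tunnel):
            continue
        return r["action"], r["text"]
    return None, None

if __name__ == "__main__":
    rules = parse(FW_TXT)
    for name, port in (("ssh", 22), ("https", 443)):
        print(name, first_match(rules, "in", "tcp", port))
```

In this model, inbound SSH from the WAN falls through to the final "block log break end" rule, and HTTPS is still blocked by that rule if the explicit HTTPS block is deleted. The rule that decides is the one whose counter should rise in fwstat.hit.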