From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 7931281 for ecs-isp@2rosenthals.com; Wed, 20 Sep 2023 16:30:51 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:38710 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1qj3qK-0004Ev-2O for ecs-isp@2rosenthals.com; Wed, 20 Sep 2023 16:30:40 -0400 Received: from mta-202a.earthlink-vadesecure.net ([51.81.232.240]:43353) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1qj3qB-0006Dg-0f for ecs-isp@2rosenthals.com; Wed, 20 Sep 2023 16:30:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=MnSEuv+fOQ3Op45XASysEHpG/WBF0HezFhfvsS H3ybw=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-subscribe:list-post: list-owner:list-archive; q=dns/txt; s=dk12062016; t=1695241830; x=1695846630; b=XHXeYGOrDuMjmkRGbST4nizJGQnXTHxzodg2qyS2SttCD0zChA28gAl KtgIAJ39qVLxsOWz6Ku2yYHP9t/9zKBKn8w8yGU0lgMBqE1J/CiUbtN44Fllyo5xFSM1Qpa mV1MfaGQJZUyafCfdp3LYNDPbZtF+7WZOBShp4E4Ele/GqeNtJH2gwN1xJVm0rTHIz0A72F y/ckzVtycW0unWXi+pqbeaZyldIUl5nHUoORA785DHaEkdI1v3FHj5I5em5j27z9onrXSal ELbCPET5sxkrTF0p+BxTvKUSKxG3VYJpOQqYvCtiHo2s4+2WN+kkfkjOSRFldK8kGBqEWeJ FRg== Received: from slamain ([108.193.253.247]) by vsel2nmtao02p.internal.vadesecure.com with ngmta id 4754afad-1786b5765fe79e10; Wed, 20 Sep 2023 20:30:29 +0000 Message-ID: <650b535e.7.mr2ice.fgrirsq@earthlink.net> Date: Wed, 20 Sep 2023 13:17:34 -0700 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Injoy FW management port X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 09/20/23 at 09:53 AM, "Massimo S." said: Hi, >Injoy FW 4.2.2 the management port is open to the whole internet. Not really. Fgui will listen for connections on any visible IP. Whether or not this is the "whole" internet depends on your configuration. >Anyone know if is possible to restrict it to a certain range of IPs? As you already suspect, the answer is use a firewall rule. >Of course i know how to create the rule, but i don't know if it will work >or if "by design" it will remain open to the whole internet. I think you are making this too complicated. The management port is just another port and there are already rules that control access. See firewall.cnf and policy\gui-auth.cnf Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------