Disable port 22 on wireless

Hello,

How can I disable port 22 in my home network? In my Wi-Fi network a device gets the 192.168.200 IP address, and I can access it from my laptop on the SSH port. I would like to disable this, but I don't know how.

If you want to block SSH access from the 192.168.200.0/24 network to the router itself, you can use this rule.

uci add firewall rule
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].name='Reject-SSH'
uci set firewall.@rule[-1].src_ip='192.168.200.0/24'
uci set firewall.@rule[-1].src='*'
uci set firewall.@rule[-1].target='REJECT'
uci commit firewall
/etc/init.d/firewall restart

If I did not understand you correctly, please explain again what you want to achieve.

1 Like

Sorry, I forgot one number. The correct IP is 192.168.1.200 in the 192.168.1.1/24 network.

uci add firewall rule
uci set firewall.@rule[-1].dest_port='22'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].name='Reject-SSH-From-200'
uci set firewall.@rule[-1].src_ip='192.168.1.200/32'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].target='REJECT'
uci commit firewall
/etc/init.d/firewall restart

Thank you! Could you please write the graphical LuCI steps for me?

LuCI->Network->Firewall->Traffic Rules

I tried it, but it doesn't work. The IP address is still reachable via SSH.

Did you restart firewall with Save/Apply?

I set it up in the graphical interface.

If everything is 192.168.1.0/24 how is any of the traffic going to traverse the firewall?

I don't understand this idea. The default IP range is 1.1, not 1.0.

I made the assumption that your network is a class C beginning with 192.168.1.0 and ending with 192.168.1.255.

If I am incorrect, please forgive me.

Yes, all devices are in this range. The default is 192.168.1.0/24. I have a smart home hub (192.168.1.200), and I want to disable port 22 so that I can't connect to it from my laptop (192.168.1.100) using SSH.

The router firewall isn't going to help you do that. Not while all your devices are in the same subnet.

2 Likes

If your home hub is on 192.168.1.200 and your laptop is on 192.168.1.100, change the source address in the GUI to your laptop IP (192.168.1.100), then save and apply.

The rule says "reject any connection to port 22 from a device with IP 192.168.1.200".

That won't work, unfortunately: the firewall isn't involved in traffic across the router's switch / LAN zone.

2 Likes

Is there no way to set it up so that the firewall is involved?

Yes, you could put each device on a separate subnet, or use VLANs, but the correct way to limit access to a service within your local network is on the device itself.

Disable SSH on the device you don't want to have it available on, or limit which devices can access SSH via an access list on the device.
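To make the point above concrete (two hosts in the same subnet talk through br-lan's switch, so a router firewall rule in the lan zone never sees that traffic), here is an added shell example that is not from the original thread. It uses the laptop and hub addresses discussed here; the function names are my own.

```sh
#!/bin/sh
# Decide whether traffic between two hosts can ever be filtered by the
# router's firewall. If both hosts share the LAN prefix, the frames are
# switched on br-lan and the rule from this thread is never consulted.

ip_to_int() {
    # Convert a dotted quad (e.g. 192.168.1.200) into a 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

same_subnet() {
    # Usage: same_subnet SRC_IP DST_IP PREFIXLEN
    # Exit status 0 when both hosts are on the same L2 segment
    src=$(ip_to_int "$1")
    dst=$(ip_to_int "$2")
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( src & mask )) -eq $(( dst & mask )) ]
}

firewall_can_filter() {
    # Prints where port 22 must be blocked for SRC -> DST:
    #   device-local    both hosts on one segment; filter on the hub itself
    #   router-firewall traffic is routed, so a zone rule can reject it
    if same_subnet "$1" "$2" "$3"; then
        echo "device-local"
    else
        echo "router-firewall"
    fi
}

# The case from this thread: laptop .100 -> hub .200 inside 192.168.1.0/24
firewall_can_filter 192.168.1.100 192.168.1.200 24   # device-local
# Same hub reached from a separate subnet/VLAN: now the router routes it
firewall_can_filter 192.168.2.100 192.168.1.200 24   # router-firewall
```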

Or create a bogus interface on a separate subnet, and only bind uhttpd and SSH to that subnet.
Adding a second subnet to br-lan could also work, but I'm not sure if it's doable.

Or find a way to turn off/filter port 22 on the smart home hub itself