Ask / Submit
14

Remote shell over cellular+vpn in Sailfish 3.0.1.11 / 3.0.2.8

asked 2019-01-13 17:31:02 +0300

Pasko gravatar image

updated 2019-03-21 21:23:11 +0300

Hi.

Version 3.0.1.11 of Sailfish comes with new firewall rules to improve security. One of these changes forbids remote ssh access over the cellular connection which is great.... except if you are already securing your cellular data connection through an VPN.

In order to recover ssh access via cellular+VPN I added a few lines at the end of file:

/etc/connman/firewall.d/00-devmode-firewall.conf

The lines added where these:

    ...
[vpn]

IPv4.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT
IPv6.INPUT.RULES = -p tcp -m tcp --dport 22 -j ACCEPT

After these changes, restart the network subsystem via Settings App -> Utilities -> Restart Network and try to connect again to see if it works.

I hope this helps someone :).

Regards.

EDIT 2018/03/21: After upgrading to release 3.0.2.8 the last step didn't work. I had to use:

root@Sailfish # systemctl restart connman

To make it work. (It may log you out if you're connected remotely :D )

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
2

answered 2019-03-26 10:11:45 +0300

jlaakkonen gravatar image

Nice that you've found the firewall configurations. I'd suggest adding a separate file for own rules into the /etc/connman/firewall.d/ - the files are processed in alphabetical order and each must have a firewall.conf suffix. Main reason for adding separate files for own rules is that these files installed by configuration packages may be overwritten or the contents can change between version updates.

Documentation for the firewall is available at https://jolla.zendesk.com/hc/en-us/articles/360017800813-Firewall-in-Sailfish-OS

edit flag offensive delete publish link more

Comments

Hi.

Thanks a lot.I'll take a look and keep it in mind.:)

Regards.

Pasko ( 2019-03-26 10:48:19 +0300 )edit
Login/Signup to Answer

Question tools

Follow
9 followers

Stats

Asked: 2019-01-13 17:31:02 +0300

Seen: 424 times

Last updated: Mar 21