Firewall Bi-Directional Rule question

Advertisement

electronsandwich
Joined:
Posts:
1
Location:
USA

Firewall Bi-Directional Rule question

Firewall Bi-Directional Rule question
This question comes up a lot. Using winscp as an example. If you open a winscp session on source (1.1.1.1) and then attempt to move files to and from 2.2.2.2. Do you need a firewall rule in both directions? For example, suppose only the following firewall rule exists and that all traffic is blocked by default and that firewall is stateful. >

Source = 1.1.1.1 destination = 2.2.2.2 destination port = tcp/22 Action = Allow

In this scenario would you be allowed to move files in both directions within the same winscp session or would you only be allowed to move files from source to destination? It's a lot of extra work and an extra hole in the firewall to create the reverse rule if it's not necessary.

Reverse rule for reference > Source = 2.2.2.2 destination = 1.1.1.1 destination port = tcp/22 Action = Allow

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
36,227
Location:
Prague, Czechia

Re: Firewall Bi-Directional Rule question

SFTP/SSH uses only one outgoing TCP connection.

Reply with quote

Advertisement

You can post new topics in this forum