Solved Firewalla block SSH from all devices while allowing a specific device access. - AmIBeingObtuse/Youtubestacks GitHub Wiki

Information is for use with a Firewalla device https://firewalla.com/?rfsn=7967250.640af7

I reached out to the amazing support team at [email protected] and they solved this.
This should help you too.

I only wanted my tablet on my WireGuard network to be able to SSH into my home server, and from nowhere else.

Now granted, using the Linux Uncomplicated Firewall (ufw) you could do this on the home server (or whatever device runs SSH) itself: “sudo ufw allow from 10.200.26.12 to any port 22 proto tcp” accepts SSH only from the address specified, here the tablet’s WireGuard address. Note the syntax: ufw rejects “allow ssh/tcp from …”; the source goes after “from”, the port after “to any port”, and the protocol after “proto”. This only shuts everyone else out if ufw’s default incoming policy is deny, which is what “sudo ufw default deny incoming” sets and what “sudo ufw status verbose” reports. Done that way there is no requirement to do it on the Firewalla, and a host firewall on the server is worth keeping even if you also filter on the Firewalla, because it still applies to traffic the Firewalla never sees.

But… we are asking this question, so the answer from support is as follows. Plus, it is fun to learn to do this at the network firewall level.

Create rule 1 (block SSH to the server from every local device)
Action – Block
Matching – local port TCP 22
Traffic from – all local networks
On device – the device running SSH, in my case my home server
Active time – Always

Create rule 2 (let only the tablet through)
Action – Allow
Matching – IP address, entered with the port number (in my case 192.168.1.59:22). Because this is an outbound rule on the tablet, the address entered here is the destination the tablet connects to, i.e. the home server’s LAN address and its SSH port, not the tablet’s own address.
On device – my Android tablet, selected from the device list
Direction – Outbound only
Active time – Always

This has the effect of blocking port 22 on your chosen device from every other device on your network, while in my case my Android tablet can still SSH into my home server: the tablet’s allow rule overrides the server’s block rule for that one flow. It works flawlessly if set correctly. The Firewalla can only enforce rules on traffic it actually sees, so confirm the result by trying port 22 from the tablet and from at least one other device on the LAN rather than assuming it.
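As an added example (not from this wiki page, from Firewalla support, or from Firewalla itself), the script below covers both the ufw alternative mentioned earlier and the check recommended above: the corrected ufw rules for the server, and a probe you run from the tablet and from a second LAN device to confirm the Firewalla rules actually took effect. The server address 192.168.1.59, port 22 and tablet VPN address 10.200.26.12 are taken from the page’s examples but are assumptions; override SERVER_IP, SSH_PORT and TABLET_VPN_IP in the environment for your own network.

```shell
#!/usr/bin/env bash
# Added example, not from the original wiki page or from Firewalla.
# Assumptions (not stated on the page): the SSH server is 192.168.1.59 and
# listens on TCP 22; the tablet's WireGuard address is 10.200.26.12 (taken
# from the page's ufw example); the probing host has bash and, ideally,
# the coreutils "timeout" command.

SERVER_IP="${SERVER_IP:-192.168.1.59}"
SSH_PORT="${SSH_PORT:-22}"
TABLET_VPN_IP="${TABLET_VPN_IP:-10.200.26.12}"

# Host-side complement to the Firewalla rules, run on the server as root.
# ufw only shuts other hosts out if its default incoming policy is deny.
# Run this from the server's console or from the tablet session: the
# moment it is enabled every other SSH source is dropped.
apply_server_ufw_rules() {
  sudo ufw default deny incoming
  sudo ufw default allow outgoing
  # Correct form: source after "from", port after "to any port", protocol
  # after "proto". "ufw allow ssh/tcp from ..." is rejected by ufw.
  sudo ufw allow from "$TABLET_VPN_IP" to any port "$SSH_PORT" proto tcp
  sudo ufw --force enable
  sudo ufw status verbose
}

# Return 0 if a TCP connect to $1:$2 completes within 3 seconds, 1 otherwise.
# Uses bash's /dev/tcp so no nc or nmap is needed on the tablet. The connect
# runs in a child process, so a failed redirection (or a shell without
# /dev/tcp support) is reported as "blocked" instead of killing this script.
probe_tcp() {
  host="$1"; port="$2"
  if command -v timeout >/dev/null 2>&1; then
    timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port" >/dev/null 2>&1
  else
    ( exec 3<>"/dev/tcp/$host/$port" ) >/dev/null 2>&1
  fi
}

# Compare the observed probe result with what this host should see.
# Prints a one-line verdict and returns 0 on match, 1 on mismatch, so the
# same script is run from the tablet (expect open) and from any other LAN
# device (expect blocked).
check_policy() {
  host="$1"; port="$2"; expected="$3"   # expected is "open" or "blocked"
  if probe_tcp "$host" "$port"; then observed=open; else observed=blocked; fi
  if [ "$observed" = "$expected" ]; then
    echo "OK   $host:$port is $observed (expected $expected)"
    return 0
  fi
  echo "FAIL $host:$port is $observed (expected $expected)"
  return 1
}

case "${1:-}" in
  apply)  apply_server_ufw_rules ;;
  tablet) check_policy "$SERVER_IP" "$SSH_PORT" open ;;
  other)  check_policy "$SERVER_IP" "$SSH_PORT" blocked ;;
esac
```

Run the script with the argument “tablet” on the tablet over WireGuard and with “other” on any other LAN device; both should print OK. If the “other” run prints FAIL with the port open, the Firewalla is not in the path for that device-to-device traffic and the server-side ufw rules (argument “apply”) are the control that actually holds.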

Initially I was blocking all traffic on local port 22 from all local networks and then allowing 22 on my Android tablet IP on device home server, which did not work.

Hope that helps you. I can’t take credit, though, as support resolved this for me via support access. Please pass on my thanks. u/firewalla 86036
