I would like to allow for remote backups for my family. For this I use wireguard and allow only a previous given IP for every client. For security reasons I would like to only allow all IPs to access TrueNAS on its SMB ports. Except for myself. I would like to allow myself to also access the webGUI.
So I thought of implementing this using firewall rules for the entire wireguard-space that deny all but the SMB ports. And off course the exception of my own access rights.
1. Question
Does this sound like a reasonable approach for remote backups for my family? Or are there flaws/security issues? What would be an alternative, if this is bad?
2. Question
If the approach is reasonable: how does one proceed to implement such firewall rules in TrueNAS Scale? In TrueNAS Core I had a jail with ipfw rules to act accordingly.
Thank you and yours sincerely
NicJak
So I thought of implementing this using firewall rules for the entire wireguard-space that deny all but the SMB ports. And off course the exception of my own access rights.
1. Question
Does this sound like a reasonable approach for remote backups for my family? Or are there flaws/security issues? What would be an alternative, if this is bad?
2. Question
If the approach is reasonable: how does one proceed to implement such firewall rules in TrueNAS Scale? In TrueNAS Core I had a jail with ipfw rules to act accordingly.
Thank you and yours sincerely
NicJak