From owner-freebsd-stable@FreeBSD.ORG  Tue May 31 15:22:25 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: stable@freebsd.org
Delivered-To: freebsd-stable@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4D77416A41F
	for <stable@freebsd.org>; Tue, 31 May 2005 15:22:25 +0000 (GMT)
	(envelope-from danger@rulez.sk)
Received: from mail.rulez.sk (DaEmoN.RuLeZ.sK [84.16.32.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EB69B43D48
	for <stable@freebsd.org>; Tue, 31 May 2005 15:22:24 +0000 (GMT)
	(envelope-from danger@rulez.sk)
Received: from localhost (localhost [127.0.0.1])
	by mail.rulez.sk (Postfix) with ESMTP id 887AA1CC24;
	Tue, 31 May 2005 17:22:23 +0200 (CEST)
Received: from danger.mcrn.sk (danger.mcrn.sk [84.16.37.254])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.rulez.sk (Postfix) with ESMTP id CB01F1CC22;
	Tue, 31 May 2005 17:22:12 +0200 (CEST)
Date: Tue, 31 May 2005 17:19:08 +0200
From: Daniel Gerzo <danger@rulez.sk>
X-Priority: 3 (Normal)
Message-ID: <144623634.20050531171908@rulez.sk>
To: Ivan Voras <ivoras@fer.hr>
In-Reply-To: <429C7804.8040709@fer.hr>
References: <429C7804.8040709@fer.hr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at mail.rulez.sk
X-Spam-Status: No, hits=-1.276 tagged_above=-999 required=5
	tests=[ALL_TRUSTED=-2.82, AWL=0.359, PRIORITY_NO_NAME=1.185]
X-Spam-Level: 
Cc: stable@freebsd.org
Subject: Re: IP Firewalling by DNS name
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Daniel Gerzo <danger@rulez.sk>
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 May 2005 15:22:25 -0000

Hello Ivan,

Tuesday, May 31, 2005, 4:43:16 PM, si pisal:

> Is it possible to use ipfw to filter packets by domain name?

> What I need it for: I'd like to allow ssh logins only from a specific
> TLD (by reverse lookup...) - maybe there's another way?

you can use AllowUsers sshd_config directive e.g:

AllowUsers user@*.domain.tld

or something like:

AllowUsers user@111.111.111.*

I think this is possible too.

-- 
Sincerely,

 DanGer, ICQ: 261701668  | e-mail protecting at: http://www.2pu.net/
 http://danger.rulez.sk  | proxy list at:        http://www.proxy-web.com/
                         | FreeBSD - The Power to Serve!