Date: Wed, 3 Dec 2003 21:50:43 -0600
From: Chris <racerx@makeworld.com>
To: iaccounts@northnetworks.ca
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw and ssh example
Message-ID: <200312032150.43066.racerx@makeworld.com>
In-Reply-To: <200312032120.30792.racerx@makeworld.com>
References: <200312032055.58158.racerx@makeworld.com> <1070507627.416.90.camel@ptp.northnetworks.ca> <200312032120.30792.racerx@makeworld.com>

On Wednesday 03 December 2003 09:20 pm, Chris wrote:
> On Wednesday 03 December 2003 09:13 pm, Steve Bertrand wrote:
> > On Wed, 2003-12-03 at 21:55, Chris wrote:
> > > Hiya folks.
> > >
> > > Please show me an example that I might use if I want to allow only one
> > > IP address into a box via ssh, yet deny all others.
> >
> > The following will allow ssh from 192.168.1.3 to your box in through the
> > 'rl0' interface, and deny all other ssh traffic to the box.
> >
> > # ipfw add 10 allow tcp from 192.168.1.3 to me 22 in via rl0 keep-state
> > # ipfw add 11 deny tcp from any to me 22
>
> How about this:
> # ipfw add 10 allow tcp from 192.168.1.3-10 to me 22 in via rl0 keep-state
>
> Allowing a range of IP's?

Never mind folks - Here's my end result.

${fwcmd} add 61200 allow log tcp from 200.200.200.0/24 to ${ip} 22 keep-state
${fwcmd} add 61210 deny log tcp from any to any 22

Thanks again to all that helped out.

--
Best regards,
Chris
______________________________________________________________________
PGP Fingerprint = D976 2575 D0B4 E4B0 45CC AA09 0F93 FF80 C01B C363
PGP Mail encouraged / preferred - keys available on common key servers
______________________________________________________________________
01010010011000010110001101100101011100100101100000000000
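
Added example, not part of the original message: a simplified first-match model of the two final rules (61200 and 61210), showing which constructed packets each rule decides. It assumes `${ip}` is the box's own address (203.0.113.10 is a constructed stand-in) and ignores `keep-state`, `log` and any other rules in the ruleset.

```python
import ipaddress
from dataclasses import dataclass

BOX_IP = "203.0.113.10"  # constructed stand-in for ${ip}; not from the message


@dataclass(frozen=True)
class Rule:
    number: int
    action: str
    src: str    # CIDR, single address, or "any"
    dst: str
    dport: int


# Static match fields of the two rules from the message (keep-state/log not modelled).
RULES = [
    Rule(61200, "allow", "200.200.200.0/24", BOX_IP, 22),
    Rule(61210, "deny", "any", "any", 22),
]


def addr_matches(spec, addr):
    """True if addr falls inside spec ("any" matches everything)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(src, dst, dport, rules=RULES):
    """Return (rule_number, action) of the first matching rule in number order."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.dport == dport and addr_matches(r.src, src) and addr_matches(r.dst, dst):
            return r.number, r.action
    return None, "fallthrough"  # decided by other rules, which are not modelled


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port)
    samples = [
        ("200.200.200.17", BOX_IP, 22),          # inside the allowed /24
        ("200.200.201.1", BOX_IP, 22),           # just outside the /24
        (BOX_IP, "198.51.100.5", 22),            # ssh leaving the box
        ("200.200.200.17", "198.51.100.5", 22),  # ssh passing through the box
        ("198.51.100.5", BOX_IP, 80),            # not port 22
    ]
    for src, dst, port in samples:
        print(f"{src:>15} -> {dst:<15} :{port:<3}", evaluate(src, dst, port))
```

Because rule 61210 is written `from any to any 22` rather than `to me 22`, the model also reports a deny for port-22 traffic leaving or passing through the box when no earlier rule has matched it.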