Date: Wed, 3 Dec 2003 21:50:43 -0600 From: Chris <racerx@makeworld.com> To: iaccounts@northnetworks.ca Cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw and ssh example Message-ID: <200312032150.43066.racerx@makeworld.com> In-Reply-To: <200312032120.30792.racerx@makeworld.com> References: <200312032055.58158.racerx@makeworld.com> <1070507627.416.90.camel@ptp.northnetworks.ca> <200312032120.30792.racerx@makeworld.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 03 December 2003 09:20 pm, Chris wrote:
> On Wednesday 03 December 2003 09:13 pm, Steve Bertrand wrote:
> > On Wed, 2003-12-03 at 21:55, Chris wrote:
> > > Hiya folks.
> > >
> > > Please show me an example that I might use if I want to allow only one
> > > IP address into a box via ssh, yet deny all others.
> >
> > The following will allow ssh from 192.168.1.3 to your box in through the
> > 'rl0' interface, and deny all other ssh traffic to the box.
> >
> > # ipfw add 10 allow tcp from 192.168.1.3 to me 22 in via rl0 keep-state
> > # ipfw add 11 deny tcp from any to me 22
>
> How about this:
> # ipfw add 10 allow tcp from 192.168.1.3-10 to me 22 in via rl0 keep-state
>
> Allowing a range of IP's?
Never mind folks - Here's my end result.
${fwcmd} add 61200 allow log tcp from 200.200.200.0/24 to ${ip} 22 keep-state
${fwcmd} add 61210 deny log tcp from any to any 22
Thanks again to all then helped out.
--
Best regards,
Chris
______________________________________________________________________
PGP Fingerprint = D976 2575 D0B4 E4B0 45CC AA09 0F93 FF80 C01B C363
PGP Mail encouraged / preferred - keys available on common key servers
______________________________________________________________________
01010010011000010110001101100101011100100101100000000000
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312032150.43066.racerx>