Karl O. Pinc
Fri, 18 Dec 2009 10:41:00 -0800
On 12/18/2009 10:16:44 AM, Peter N. M. Hansteen wrote: > Jim Flowers <jflow...@ezo.net> writes: > > > To lock down services (particularly ssh) as tightly as possible, I > like to allow > > administrative access to a firewall only from specific ip > addresses.
> > Unfortunately, some of the administrators are working from dynamic
> ip addresses
> > that change with some frequency.
> >
> > Is there a straightforward way to incorporate dynamic ip source
> addresses in the
> > pf ruleset?
>
> I'd say this sounds like a situation where authpf could come in quite
> handy.
How? I thought authpf grants additional rights to those who
can ssh. But he wants to restrict those allowed to ssh period.
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein