Anthony Atkielski wrote:
> Sandy Rutherford writes:
>
>> See login.access(5) and login.conf(5).  Both provide this
>> functionality.
>
> I've tried this and I've obtained weird results.
>
> Supposedly login stops at the first match in the login.access file.  So
> I used this:
>
> +:ALL:console
> +:ALL:LOCAL
> +:xxx yyy:ALL EXCEPT 216.134.77.112 161.13.67.41
> -:ALL:ALL
>
> The idea is to prohibit any logins from anywhere except the LAN and
> console for all users except xxx and yyy (and even for those two logins
> are not accepted from two specific IP addresses).  But as soon as I add
> the -:ALL:ALL at the end, logins are disallowed for everyone except xxx
> and yyy, even on the LAN, and even with ssh.  I'm perplexed.


Anthony,

        If you are using ipfw, you could do something like this:

# Allow in only a few Telnet, SFTP, SSH, and SCP from public Internet
${fwcmd} add 090 pass log tcp from 161.13.67.41,216.134.77.112 to ${ip} 23 setup limit src-addr 5


What this does is allow the above-mentioned in from the above-mentioned IPs - THEN, only allows a connection of 5.

Something to think about if you run the firewall. To the rest of the outside, users will get dead space if they try to telnet in.


-- Best regards, Chris

If opportunity came disguised as temptation,
one knock would be enough.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
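
As an added example (not part of the original messages, and not FreeBSD's code), here is a simplified Python model of the matching rules documented in login.access(5): the first matching line decides, LOCAL matches only an origin string with no ".", and no match means access is granted. It assumes a network login presents its origin as a dotted host name or IP address; the user bob, the address 192.168.1.20 and the 192.168.1. prefix are constructed, and group and netgroup tokens are left out.

```python
# Simplified model of login.access(5) evaluation; an illustration,
# not FreeBSD's implementation. RULES are the lines quoted in the thread.
RULES = """\
+:ALL:console
+:ALL:LOCAL
+:xxx yyy:ALL EXCEPT 216.134.77.112 161.13.67.41
-:ALL:ALL
"""
# Constructed variant: name the LAN by network prefix (placeholder prefix).
FIXED = "+:ALL:192.168.1.\n" + RULES

def tok_match(tok, value, is_origin):
    if tok == "ALL":
        return True
    if is_origin and tok == "LOCAL":
        return "." not in value          # LOCAL: any string without a dot
    if is_origin and tok.startswith("."):
        return value.endswith(tok)       # host name suffix
    if is_origin and tok.endswith("."):
        return value.startswith(tok)     # network number prefix
    return tok == value

def list_match(tokens, value, is_origin):
    # "a b EXCEPT c d": matches a or b, unless it also matches c or d
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_match(tokens[:i], value, is_origin)
                and not list_match(tokens[i + 1:], value, is_origin))
    return any(tok_match(t, value, is_origin) for t in tokens)

def check(rules, user, origin):
    """Return (allowed, deciding_line); the first matching line decides."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (list_match(users.split(), user, False)
                and list_match(origins.split(), origin, True)):
            return perm == "+", line
    return True, None                    # no line matched: access granted

if __name__ == "__main__":
    for user, origin in [("bob", "ttyv0"), ("bob", "192.168.1.20"),
                         ("xxx", "216.134.77.112")]:
        print(user, origin, check(RULES, user, origin))
    print("bob 192.168.1.20 with prefix line:", check(FIXED, "bob", "192.168.1.20"))
```

In this model a LAN login arriving as a dotted address skips the LOCAL line and is decided by -:ALL:ALL, which matches the behaviour described in the quoted message.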