jett,

if i understand your question, you want:

1) outbound ssh unlimited, i.e. works all of the time. *and*
2) inbound ssh limited to 1 hour per day (say 1300->1400).

is this correct?

ipf by itself can not do this. basically you need to have two rulesets, the second of which incorporates a pass IN for tcp/22. then, you can use cron to swap between the two rulesets at the times you need to.

n.b. i have to ask, though, is port 22 the only external facing port that you have open? are you worried that there is some latent ssh vulnerability and you are trying to keep the window closed most of the time? the reason i ask is because many ssh exploits are automated "brute-force" implementations, and even with the window open for 1hr (4.1% of the time) you are still going to get attempts via ssh. while the 1hr duration may minimize the possibility of an ssh exploit or password crack, it doesn't remove it.

imagine that all of your bank guards go for a 1hr break every day.

jim

Jett Tayer wrote:
Hello,

is it possible with IPFilter to limit to say 1 hour any ssh connections coming from the Internet and allow full-time any connections from my LAN?

Jett
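
The two-ruleset swap described in the reply above, sketched as an added example that is not part of the original thread. The interface names (`fxp0`, `fxp1`), the install path and the 13:00-14:00 window are assumptions, and the rulesets cover only the ssh rules under discussion; a real ruleset would carry the site's other rules as well.

```shell
#!/bin/sh
# Added example: swap between a "closed" and an "open" IPFilter ruleset from cron.
EXT_IF="${EXT_IF:-fxp0}"   # Internet-facing interface (assumed name)
LAN_IF="${LAN_IF:-fxp1}"   # LAN-facing interface (assumed name)
IPF="${IPF:-ipf}"          # path to the ipf(8) binary

# Print the ruleset for mode "open" or "closed" on stdout.
# Both modes: default-deny inbound, outbound ssh always, ssh from the LAN always.
# Only "open" adds the inbound tcp/22 pass on the external interface.
ruleset() {
    cat <<EOF
block in all
pass out quick on $EXT_IF proto tcp from any to any port = 22 flags S keep state
pass in quick on $LAN_IF proto tcp from any to any port = 22 flags S keep state
EOF
    if [ "$1" = open ]; then
        echo "pass in quick on $EXT_IF proto tcp from any to any port = 22 flags S keep state"
    fi
}

# Flush the active filter lists (-Fa) and load the chosen ruleset from stdin (-f -).
apply_ruleset() {
    case "$1" in
        open|closed) ruleset "$1" | "$IPF" -Fa -f - ;;
        *) echo "usage: $0 open|closed" >&2; return 2 ;;
    esac
}

# root crontab entries, assuming the script is installed as /usr/local/sbin/ssh-window:
#   0 13 * * * /usr/local/sbin/ssh-window open
#   0 14 * * * /usr/local/sbin/ssh-window closed
if [ $# -gt 0 ]; then
    apply_ruleset "$1"
fi
```

`-Fa` flushes the filter rule lists only; ipf(8) flushes state entries separately (`-F s` / `-F S`), so a session admitted by `keep state` during the window is not ended by loading the closed ruleset.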
