I don't think it's possible... since the TCP layer only brings the data to
the ssh program; it doesn't analyze it (e.g. the username).

So the drop will have to be by the ssh server (which already does that).

Regards,

Lior Kaplan
[EMAIL PROTECTED]
http://www.Guides.co.il

----- Original Message -----
From: "Noam Meltzer" <[EMAIL PROTECTED]>
To: "Linux-IL mailing list" <[EMAIL PROTECTED]>
Sent: Tuesday, April 27, 2004 5:55 PM
Subject: iptables AI (application intelligence)


> Hi,
> I was wondering if any1 knows if iptables has the ability to implement
> "application intelligence"?
> My specific interest is to implement something like this:
> I have a host, connected to the internet, and it runs iptables, while
> ssh's tcp port is the only one opened.
> Now, I want that instead of opening this port, every communication to
> that port will be dropped, unless the computer which tries to connect to
> it, will try to connect with a specific user.
>
> example:
> the user "haim" is allowed to my machine, and others ain't.
>
> doing:
> remote-machine> ssh [EMAIL PROTECTED]
> will be dropped by iptables.
> doing:
> remote-machine> ssh [EMAIL PROTECTED]
> will be allowed by iptables.
>
>
> 10x,
> Noam Meltzer
>
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
>


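To make the point of the reply concrete, here is an added example that is not part of the thread and not OpenSSH or iptables code. It shows the two layers side by side: the only SSH data a packet filter on port 22 can read is the cleartext identification line ("SSH-2.0-...", RFC 4253 section 4.2), because the username is carried later inside SSH_MSG_USERAUTH_REQUEST (RFC 4252), after the transport is encrypted. The user restriction therefore lives in sshd, and `allow_users` below is an assumed, simplified re-implementation of the `AllowUsers user[@host]` pattern semantics from `sshd_config` (wildcards `*` and `?`), not sshd's own code. The sample bytes are constructed.

```python
"""Added example: where an SSH username can and cannot be checked.

Packet-filter layer (iptables): sees TCP/IP headers and, at most, the
unencrypted SSH version banner.  A source restriction is all it can do:
    iptables -A INPUT -p tcp --dport 22 -s 198.51.100.0/24 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j DROP
Application layer (sshd): sees the decrypted USERAUTH_REQUEST and applies
    AllowUsers haim haim@198.51.100.*
in sshd_config.  The matcher below is an assumed simplification of that.
"""
import fnmatch
from typing import List, Optional

# Constructed sample of the first bytes a capture on port 22 would show:
# the client's identification line, followed by the start of the binary
# packet protocol (stand-in bytes here), which becomes ciphertext after
# key exchange.  No username appears anywhere in this cleartext prefix.
SAMPLE_CLIENT_HELLO = b"SSH-2.0-OpenSSH_9.6\r\n" + bytes(range(32))


def cleartext_banner(stream: bytes) -> Optional[str]:
    """Return the SSH identification line, the only part of the connection
    that a packet filter can read.  Returns None if the stream does not
    start with a well-formed "SSH-" line; nothing after the line is
    interpretable without the session keys."""
    line, sep, _rest = stream.partition(b"\r\n")
    if not sep or not line.startswith(b"SSH-"):
        return None
    return line.decode("ascii", errors="replace")


def allow_users(patterns: List[str], user: str, source: str) -> bool:
    """Simplified AllowUsers evaluation (assumed semantics, not sshd code).

    Each pattern is USER or USER@HOST.  USER is matched against the
    authenticating username and HOST, when present, against the client's
    source address; '*' and '?' are wildcards.  The login is allowed only
    if at least one pattern matches, which is the deny-by-default shape
    sshd uses once AllowUsers is set.
    """
    for pat in patterns:
        user_pat, _, host_pat = pat.partition("@")
        if not fnmatch.fnmatchcase(user, user_pat):
            continue
        if host_pat and not fnmatch.fnmatchcase(source, host_pat):
            continue
        return True
    return False


if __name__ == "__main__":
    # What the firewall layer sees: a version string, no user.
    print("cleartext banner:", cleartext_banner(SAMPLE_CLIENT_HELLO))
    # What sshd decides once it has decrypted the auth request.
    rules = ["haim", "backup@198.51.100.*"]
    for user, src in [("haim", "203.0.113.9"), ("root", "203.0.113.9"),
                      ("backup", "198.51.100.7"), ("backup", "203.0.113.9")]:
        verdict = "allow" if allow_users(rules, user, src) else "deny"
        print(f"{user}@{src}: {verdict}")
```

The practical split is therefore: use iptables to limit which source addresses may reach port 22 at all, and use `AllowUsers` (or `AllowGroups`) in `sshd_config` for the per-user decision, since sshd is the first component that ever sees the username in the clear.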