I thought about that, but authpf only allows the source address the ssh client originated from. In this case, the ssh client will be a tech. The source address the ftp will come from will be different (the source IP will be varied customers of ours with varied IP addresses). Customers will not have ssh access, just ftp. Basically, it will be a set of test files the customer can do an ftp from/to.
As far as the world is concerned, the box is not online. Only when a customer wants to test traffic from on-net, we would activate their IP as able to connect via ftp to the site. The script I am creating (it will all be menu driven) will just pass off variables (via sudo) to the firewall. From the script (which is the tech's default shell), all they would be able to do is add an IP address in and the script would add the rule.

Matt

On Mon, 14 Oct 2002, Robert Schwartz wrote:

> authpf?
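
Because the address a tech types ends up in a command run as root, the script has to reject anything that is not a plain IPv4 address before calling sudo. The sketch below is an added example, not the poster's script; it assumes the address is added to a pf table (hypothetical name `ftp_customers`) that a pf.conf rule passes ftp from, rather than writing a new rule each time.

```shell
#!/bin/sh
# Added example, not the poster's script.
# Assumption: pf.conf passes ftp from a table named <ftp_customers>.
PF_TABLE="ftp_customers"   # hypothetical table name

# Return 0 only for a strict dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single inner dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (no glob chars left)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;             # over 3 digits, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add a validated address to the table. PFCTL may be overridden for a dry run.
add_customer() {
    if ! valid_ipv4 "$1"; then
        echo "rejected: not an IPv4 address" >&2
        return 1
    fi
    ${PFCTL:-sudo pfctl} -t "$PF_TABLE" -T add "$1"
}

# Constructed sample inputs, checked without touching the firewall.
for candidate in '192.0.2.10' '192.0.2.10; reboot' '192.0.2.0/24' '300.1.1.1'; do
    if valid_ipv4 "$candidate"; then
        echo "accept: $candidate"
    else
        echo "reject: $candidate"
    fi
done
```

The sudoers entry for the tech account should permit only the pfctl invocation the script makes, so the menu shell cannot be used to run anything else as root.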
