To lock down services (particularly ssh) as tightly as possible, I like to allow administrative access to a firewall only from specific ip addresses.
Unfortunately, some of the administrators are working from dynamic ip addresses that change with some frequency. Is there a straightforward way to incorporate dynamic ip source addresses in the pf ruleset? Thanks.
