On 12/18/2009 09:40:36 AM, Jim Flowers wrote:

> To lock down services (particularly ssh) as tightly as possible, I
> like to allow administrative access to a firewall only from specific
> ip addresses.
>
> Unfortunately, some of the administrators are working from dynamic ip
> addresses that change with some frequency.
>
> Is there a straightforward way to incorporate dynamic ip source
> addresses in the pf ruleset?

Yes. Make a table with the dynamic source addresses. Control access using that table. Update the table with pfctl from a script that runs periodically and does dns lookups.

Karl <[email protected]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
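
A sketch of the table-plus-script approach described in the reply, added here as an example and not taken from the thread. The table name `admins`, the `$ext_if` macro, the host names, the script path and the use of `host -t A` (with its "has address" output format) are all assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread. Assumed pf.conf fragment
# (table name "admins" and macro $ext_if are assumptions):
#   table <admins> persist
#   block in on $ext_if proto tcp from any to any port ssh
#   pass  in on $ext_if proto tcp from <admins> to any port ssh
# Assumed cron entry (hypothetical path):
#   */5 * * * * /usr/local/sbin/pf-admins.sh apply

TABLE="admins"
ADMIN_HOSTS="admin1.dyndns.example admin2.dyndns.example"  # constructed names
PFCTL="${PFCTL:-pfctl}"

# Filter `host -t A` output on stdin down to unique, well-formed IPv4
# addresses, so nothing else from a DNS answer reaches the pfctl command line.
extract_ipv4() {
    awk '/ has address / {
        n = split($NF, o, ".")
        ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (ok) print $NF
    }' | sort -u
}

# Look up every admin host name and print the validated address list.
resolve_all() {
    for h in $ADMIN_HOSTS; do
        host -t A "$h" 2>/dev/null
    done | extract_ipv4
}

# $1 = newline-separated addresses. An empty result (resolver outage) leaves
# the table as it was instead of emptying it and locking every admin out.
update_table() {
    if [ -z "$1" ]; then
        echo "no addresses resolved; <$TABLE> left unchanged" >&2
        return 1
    fi
    # Unquoted on purpose: one argument per validated address.
    $PFCTL -q -t "$TABLE" -T replace $1
}

if [ "${1:-}" = "apply" ]; then
    update_table "$(resolve_all)"
fi
```

With this design, whoever can change those DNS records decides which addresses are in the table, so the table narrows exposure in front of ssh authentication and does not replace it.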
