Jim Flowers <[email protected]> writes: > To lock down services (particularly ssh) as tightly as possible, I like to > allow > administrative access to a firewall only from specific ip addresses.
makes sense. > Unfortunately, some of the administrators are working from dynamic ip > addresses > that change with some frequency. > > Is there a straightforward way to incorporate dynamic ip source addresses in > the > pf ruleset? I'd say this sounds like a situation where authpf could come in quite handy. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
