On 2009/12/18 15:40, Jim Flowers wrote: > To lock down services (particularly ssh) as tightly as possible, I like to > allow > administrative access to a firewall only from specific ip addresses. > > Unfortunately, some of the administrators are working from dynamic ip > addresses > that change with some frequency. > > Is there a straightforward way to incorporate dynamic ip source addresses in > the > pf ruleset?
How about having them vpn in? OpenBSD+ipsec.conf is very easy, or if they're using Windows then the Shrewsoft client isn't too bad.
