On 12/18/2009 10:16:44 AM, Peter N. M. Hansteen wrote: > Jim Flowers <[email protected]> writes: > > > To lock down services (particularly ssh) as tightly as possible, I > like to allow > > administrative access to a firewall only from specific ip > addresses.
> > Unfortunately, some of the administrators are working from dynamic > ip addresses > > that change with some frequency. > > > > Is there a straightforward way to incorporate dynamic ip source > addresses in the > > pf ruleset? > > I'd say this sounds like a situation where authpf could come in quite > handy. How? I thought authpf grants additional rights to those who can ssh. But he wants to restrict those allowed to ssh period. Karl <[email protected]> Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein
