On Mon, Aug 13, 2007 at 12:29:14PM -0400, Mark A. Hoover wrote:
> > Hi Andrew,
> >
> > You are quite correct, I agree with you, it's not really a good idea at all.
> >
> > End goal in this case was to secure ssh.
> > I only wanted to allow ssh in from the internet from static IPs I know (work)
> > and from my home (which was a dyndns address hence the problem).
> >
> > A better way would probably be to secure ssh better perhaps with ssh rate
> > limiting or something?
> >
> > I have changed all my rules to only use IPs now as that is better.
> >
> > Thanks for the feedback.
>
> I haven't tried this personally, but you could also look into Port
> Knocking...
>
> http://www.shorewall.net/PortKnocking.html
It's virtually useless against anything other than the internet-flooding worms. This is what we have passwords and RSA keys for - you're far better off adding a couple more characters to the length of your password, and it's less hassle.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
