From owner-freebsd-questions@FreeBSD.ORG  Fri Apr 18 17:14:19 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8E9E91065671
	for <freebsd-questions@freebsd.org>;
	Fri, 18 Apr 2008 17:14:19 +0000 (UTC)
	(envelope-from freebsd@wire-consulting.com)
Received: from thor.wire-consulting.com (thor.wire-consulting.com
	[213.13.113.115])
	by mx1.freebsd.org (Postfix) with ESMTP id 030B98FC0C
	for <freebsd-questions@freebsd.org>;
	Fri, 18 Apr 2008 17:14:18 +0000 (UTC)
	(envelope-from freebsd@wire-consulting.com)
Received: from leoncio.local (freebsd.wire-consulting.com [213.13.113.117])
	(authenticated bits=0)
	by thor.wire-consulting.com (8.13.3/8.13.3) with ESMTP id
	m3IHEC8X050141
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Fri, 18 Apr 2008 18:14:12 +0100 (WEST)
	(envelope-from freebsd@wire-consulting.com)
Message-ID: <4808D6E3.8030808@wire-consulting.com>
Date: Fri, 18 Apr 2008 18:14:11 +0100
From: FreeBSD - Wire Consulting <freebsd@wire-consulting.com>
User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213)
MIME-Version: 1.0
To: Gilles <gilles.ganault@free.fr>
References: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com>	<48086425.5080608@wire-consulting.com>
	<efih04dgdgqtkr6djs4photgsd1s299kq0@4ax.com>
In-Reply-To: <efih04dgdgqtkr6djs4photgsd1s299kq0@4ax.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.91.1/6828/Fri Apr 18 15:58:55 2008 on
	thor.wire-consulting.com
X-Virus-Status: Clean
Cc: freebsd-questions@freebsd.org
Subject: Re: [SSHd] Limiting access from authorized IP's
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2008 17:14:19 -0000


Hi,

Gilles wrote:
> I don't have a firewall on that host because there's already a NAT
> router connecting the LAN to the Net.
>   
I don't know your setup, but I'm pretty sure you can run the packet
filter on your host anyway.
You don't need to configure NAT to run your host firewall.
> I'll just add the following to /etc/ssh/sshd_config, and restart the
> service:
>
> AllowHosts 192.168.0 82.x.x.x
>   
OK!
> BTW, is the SSHd that comes with the system good enough, or should I
> upgrade to what's in /usr/ports/security/ssh2?
>   
For me base system ssh works like a sharm.
IMO, you only want to "upgrade" if you need a specific feature that is
not available on system SSH.

Pedro