From: FreeBSD - Wire Consulting
To: Gilles
Cc: freebsd-questions@freebsd.org
Date: Fri, 18 Apr 2008 18:14:11 +0100
Subject: Re: [SSHd] Limiting access from authorized IP's
Message-ID: <4808D6E3.8030808@wire-consulting.com>

Hi,

Gilles wrote:
> I don't have a firewall on that host because there's already a NAT
> router connecting the LAN to the Net.
>
I don't know your setup, but I'm pretty sure you can run the packet
filter on your host anyway.
You don't need to configure NAT to run your host firewall.

> I'll just add the following to /etc/ssh/sshd_config, and restart the
> service:
>
> AllowHosts 192.168.0 82.x.x.x
>
OK!

> BTW, is the SSHd that comes with the system good enough, or should I
> upgrade to what's in /usr/ports/security/ssh2?
>
For me base system ssh works like a charm.
IMO, you only want to "upgrade" if you need a specific feature that is
not available on system SSH.

Pedro
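
The host-level filtering suggested in the reply above, as an added example that is not part of the original message: a minimal pf.conf that limits inbound SSH to the two sources from the quoted sshd_config line and contains no NAT rules. The interface name em0, the reading of 192.168.0 as 192.168.0.0/24, and 203.0.113.10 (standing in for the elided 82.x.x.x) are assumptions.

```conf
# /etc/pf.conf (constructed example, not from the original thread)
# Enable at boot with pf_enable="YES" in /etc/rc.conf.

# Assumption: em0 is this host's LAN-facing interface.
ext_if = "em0"

# Sources allowed to reach sshd.
# 192.168.0.0/24 is an assumed expansion of "192.168.0";
# 203.0.113.10 is a placeholder for the elided 82.x.x.x address.
table <ssh_ok> const { 192.168.0.0/24, 203.0.113.10 }

# Never filter loopback traffic.
set skip on lo0

# No nat/rdr rules: the host only filters, the router keeps doing NAT.

# Drop and log inbound SSH by default ...
block in log on $ext_if proto tcp from any to any port ssh

# ... then let the listed sources through. "quick" stops rule evaluation,
# so this pass wins for addresses in <ssh_ok>; everyone else keeps the
# block above as their last matching rule.
pass in quick on $ext_if proto tcp from <ssh_ok> to any port ssh keep state

# All other traffic is left to pf's implicit default pass, so this
# ruleset changes nothing except who can reach port 22.
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. Test from an allowed address in a second session before closing the one you are using.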