Date: Sun, 10 Apr 2005 09:34:26 -0500 From: Chris <racerx@makeworld.com> To: freebsd-questions@freebsd.org Subject: Re: How can I log every login via telnet? Message-ID: <42593972.1040805@makeworld.com> In-Reply-To: <1878091587.20050410102441@wanadoo.fr> References: <1492434941.20050407204225@wanadoo.fr> <16981.34396.918396.208453@szamoca.krvarr.bc.ca> <856341966.20050408053245@wanadoo.fr> <16984.42254.480019.606112@szamoca.krvarr.bc.ca> <1878091587.20050410102441@wanadoo.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Anthony Atkielski wrote: > Sandy Rutherford writes: > > >>See login.access(5) and login.conf(5). Both provide this >>functionality. > > > I've tried this and I've obtained weird results. > > Supposedly login stops at the first match in the login.access file. So > I used this: > > +:ALL:console > +:ALL:LOCAL > +:xxx yyy:ALL EXCEPT 216.134.77.112 161.13.67.41 > -:ALL:ALL > > The idea is to prohibit any logins from anywhere except the LAN and > console for all users except xxx and yyy (and even for those two logins > are not accepted from two specific IP addresses). But as soon as I add > the -:ALL:ALL at the end, logins are disallowed for everyone except xxx > and yyy, even on the LAN, and even with ssh. I'm perplexed. > Anthony, If you are using ipfw, you could do something like this: # Allow in only a few Telnet, SFTP, SSH, and SCP from public Internet ${fwcmd} add 090 pass log tcp from 161.13.67.41,216.134.77.112 to ${ip} 23 setup limit src-addr 5 What this does is allow the above mentioned in from the above mentioned IP's - THEN, only allows a connection of 5. Something to think about if you run the firewall. To the rest of the outside, users will get dead space if they try to telnet in. -- Best regards, Chris If opportunity came disguised as temptation, one knock would be enough.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42593972.1040805>