From owner-freebsd-isp  Thu Aug 21 16:21:08 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id QAA27608
          for isp-outgoing; Thu, 21 Aug 1997 16:21:08 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA27582
          for <isp@FreeBSD.ORG>; Thu, 21 Aug 1997 16:20:55 -0700 (PDT)
Received: (from danny@localhost)
	by panda.hilink.com.au (8.8.5/8.8.5) id JAA20717;
	Fri, 22 Aug 1997 09:20:35 +1000 (EST)
Date: Fri, 22 Aug 1997 09:20:34 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Mark Segal <mark@club-web.com>
cc: isp@FreeBSD.ORG
Subject: Re: Remote Administration
In-Reply-To: <33FC61C0.A5F0F798@club-web.com>
Message-ID: <Pine.BSF.3.91.970822090615.308G-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 21 Aug 1997, Mark Segal wrote:

> John Brown wrote:
> > 
> >  I am setting up an ISP server running FreeBSD and would like to deny all
> > shell access to my server but keep myself a way to get into the server for
> > remote administration. Any ideas on the best way to accomplish this?
> Two ways.. either attach a modem to the box itself and dial-in to the
> server, or (using tcp/ip_wrappers) only allow access from certain boxes,
> ie your desktop.

You should also consider installing ipfw into your kernel, and blocking 
access to port 22 (ssh) from untrusted places.

Danny