From owner-freebsd-questions@FreeBSD.ORG  Fri Jul 23 12:39:40 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A9DD216A4CE
	for <freebsd-questions@freebsd.org>;
	Fri, 23 Jul 2004 12:39:40 +0000 (GMT)
Received: from smtp15.wxs.nl (smtp15.wxs.nl [195.121.6.54])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D0CC843D1F
	for <freebsd-questions@freebsd.org>;
	Fri, 23 Jul 2004 12:39:39 +0000 (GMT)
	(envelope-from freebsd@akruijff.dds.nl)
Received: from kruij557.speed.planet.nl
 (ipd50a97ba.speed.planet.nl [213.10.151.186])
 by smtp15.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3
 2004)) with ESMTP id <0I1B00IYC1U22R@smtp15.wxs.nl> for
 freebsd-questions@freebsd.org; Fri, 23 Jul 2004 14:39:38 +0200 (CEST)
Received: from alex.lan (localhost [127.0.0.1])	by kruij557.speed.planet.nl
	(8.12.10/8.12.10) with ESMTP id i6NCdbCe001333;
	Fri, 23 Jul 2004 14:39:37 +0200
Received: (from akruijff@localhost)	by alex.lan (8.12.10/8.12.10/Submit)
	id i6NCdbbw001332; Fri, 23 Jul 2004 14:39:37 +0200
Content-return: prohibited
Date: Fri, 23 Jul 2004 14:39:37 +0200
From: Alex de Kruijff <freebsd@akruijff.dds.nl>
In-reply-to: <3.0.6.32.20040723132012.007d8e50@mail.uk2.net>
To: Graham Bentley <gbentley@uk2.net>
Message-id: <20040723123936.GA795@alex.lan>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
User-Agent: Mutt/1.4.2.1i
References: <20040723120102.009B116A4DF@hub.freebsd.org>
 <3.0.6.32.20040723132012.007d8e50@mail.uk2.net>
X-Authentication-warning: alex.lan: akruijff set sender to
 freebsd@akruijff.dds.nl using -f
cc: freebsd-questions@freebsd.org
Subject: Re: Best way to limit SSH to LAN IP's only ?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jul 2004 12:39:40 -0000

On Fri, Jul 23, 2004 at 01:20:12PM +0100, Graham Bentley wrote:
> 
> Hi All,
> 
> Wondered what is the best way to do this ?
> 
> Do I have to get involved with host.allow / deny
> or better to use the sshd config ?

Hi,

The hosts.allow states:
# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

Another way would be to implement this behavure with a firewall like
ipfw or ipf.

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/FreeBSD/