From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 3 19:14:12 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A32CD16A4CE for ; Wed, 3 Dec 2003 19:14:12 -0800 (PST) Received: from mail2.northnetworks.ca (dev.eagle.ca [209.167.58.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id D4C0B43FA3 for ; Wed, 3 Dec 2003 19:14:08 -0800 (PST) (envelope-from iaccounts@northnetworks.ca) Received: from [127.0.0.1] (dev.eagle.ca [209.167.58.10]) hB43CJCn049498; Wed, 3 Dec 2003 22:12:20 -0500 (EST) (envelope-from iaccounts@northnetworks.ca) From: Steve Bertrand To: Chris In-Reply-To: <200312032055.58158.racerx@makeworld.com> References: <200312032055.58158.racerx@makeworld.com> Content-Type: text/plain Organization: Northumberland Network Services Message-Id: <1070507627.416.90.camel@ptp.northnetworks.ca> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Wed, 03 Dec 2003 22:13:47 -0500 Content-Transfer-Encoding: 7bit cc: freebsd-ipfw@freebsd.org Subject: Re: ipfw and ssh example X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: iaccounts@northnetworks.ca List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Dec 2003 03:14:12 -0000 On Wed, 2003-12-03 at 21:55, Chris wrote: > Hiya folks. > > Please show me an example that I might use if I want to allow only one IP > address into a box via ssh, yet deny all others. The following will allow ssh from 192.168.1.3 to your box in through the 'rl0' interface, and deny all other ssh traffic to the box. # ipfw add 10 allow tcp from 192.168.1.3 to me 22 in via rl0 keep-state # ipfw add 11 deny tcp from any to me 22 Hope this helps. Steve -- Steve Bertrand President/CTO, Northumberland Network Services t: 905.352.2688 w: www.northnetworks.ca