From: Chris
To: iaccounts@northnetworks.ca
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 3 Dec 2003 21:20:30 -0600
Subject: Re: ipfw and ssh example

On Wednesday 03 December 2003 09:13 pm, Steve Bertrand wrote:
> On Wed, 2003-12-03 at 21:55, Chris wrote:
> > Hiya folks.
> >
> > Please show me an example that I might use if I want to allow only one
> > IP address into a box via ssh, yet deny all others.
>
> The following will allow ssh from 192.168.1.3 to your box in through the
> 'rl0' interface, and deny all other ssh traffic to the box.
>
> # ipfw add 10 allow tcp from 192.168.1.3 to me 22 in via rl0 keep-state
> # ipfw add 11 deny tcp from any to me 22

How about this:

# ipfw add 10 allow tcp from 192.168.1.3-10 to me 22 in via rl0 keep-state

Allowing a range of IP's?

BTW - Thank you everyone.

--
Best regards,
Chris
______________________________________________________________________
PGP Fingerprint = D976 2575 D0B4 E4B0 45CC AA09 0F93 FF80 C01B C363
PGP Mail encouraged / preferred - keys available on common key servers
______________________________________________________________________
01010010011000010110001101100101011100100101100000000000
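
Added example, not part of the original message and not code from the ipfw project: one way to express a range such as .3 through .10 using only address/prefix-length operands, which ipfw accepts. The helper names (`ip2int`, `int2ip`, `range_to_cidrs`, `ssh_rules`) are hypothetical, and the script only prints the `ipfw add` commands so they can be checked before being run as root.

```sh
#!/bin/sh
# Added example (constructed): cover an inclusive IPv4 range with the fewest
# CIDR blocks and print one ipfw allow rule per block, then the ssh deny.
# Nothing is applied here; the printed commands are meant to be reviewed first.

ip2int() {    # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {    # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidrs FIRST LAST: print one addr/len per line (hypothetical helper)
range_to_cidrs() {
    lo=$(ip2int "$1"); hi=$(ip2int "$2")
    if [ "$lo" -gt "$hi" ]; then
        echo "range_to_cidrs: $1 is above $2" >&2
        return 1
    fi
    while [ "$lo" -le "$hi" ]; do
        size=$(( lo & -lo ))                 # largest block aligned at lo
        if [ "$size" -eq 0 ]; then size=4294967296; fi
        while [ "$size" -gt $(( hi - lo + 1 )) ]; do   # must not run past hi
            size=$(( size / 2 ))
        done
        len=32; s=$size
        while [ "$s" -gt 1 ]; do s=$(( s / 2 )); len=$(( len - 1 )); done
        echo "$(int2ip "$lo")/$len"
        lo=$(( lo + size ))
    done
}

# ssh_rules FIRST LAST IFACE START_RULE: print ipfw commands (hypothetical helper)
ssh_rules() {
    n=$4
    cidrs=$(range_to_cidrs "$1" "$2") || return 1
    for c in $cidrs; do
        echo "ipfw add $n allow tcp from $c to me 22 in via $3 keep-state"
        n=$(( n + 1 ))
    done
    echo "ipfw add $n deny tcp from any to me 22"
}

# The range from the message above, on rl0, numbering from rule 10.
ssh_rules 192.168.1.3 192.168.1.10 rl0 10
```

For 192.168.1.3 through 192.168.1.10 this yields four allow rules (a /32, a /30, a /31 and a /32) followed by the deny, so the deny must be numbered after the last allow rather than fixed at 11.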