Warren,

Disclaimer: I'm a bit rusty with Dachstein. I may have missed something in my description below. Hopefully someone will correct me if I get too far off track. Remainder inline...

On Tue, 24 Sep 2002 16:56:39 CST Warren Post wrote:

> Brad Fritz wrote:
>
> > I would strongly suggest, if you haven't already, that you set your firewall rules to only allow ssh connections from trusted hosts or networks. (Doing so is a good idea anyway.)
>
> Good idea. I've taken a look at /etc/ipfilter.conf, which is where I assume this setting should be made. Although the file is liberally commented, I'm such a newbie that I'm still at a loss as to what exactly I should add or modify to disallow ssh connections from outside our LAN.

Actually /etc/network.conf has everything you need for the task. I use the EXTERN_TCP_PORT__N__ entries (where __N__ is an integer) like so:

  EXTERN_TCP_PORT0="1.2.3.4 ssh"
  EXTERN_TCP_PORT1="2.3.4.5/29 ssh"

to allow traffic from trusted host 1.2.3.4 and trusted network 2.3.4.5/29. The EXTERN_TCP_PORTS entry equivalent is

  EXTERN_TCP_PORTS="1.2.3.4_ssh 2.3.4.5/29_ssh"

If memory serves, you can only use the numbered form (top) or the space-delimited form (bottom), but not both.

> Can someone point me to a newbie friendly howto or similar where I can learn how to do this?

http://lrp.steinkuehler.net/files/packages/network.txt is probably a good place to start. Old archives of leaf-user[1] might be another good place to look.

I'm probably forgetting other good resources. Hopefully someone will fill in any gaps I leave.

--Brad

[1] http://www.mail-archive.com/leaf-user%40lists.sourceforge.net/
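
An added example (not part of the message above or of the Dachstein distribution): a shell check that reads a network.conf-style file and reports which sources may reach ssh under either entry form, and whether the two forms are mixed. It assumes `0/0` (or `0.0.0.0/0`) denotes any source and that the port may be written `ssh` or `22`; the function names and the sample file are constructed for illustration.

```shell
# Print every source allowed to reach ssh, one per line.
# $1 = path to a network.conf-style file.
ssh_sources() {
    sed 's/#.*//' "$1" | awk -F'"' '
        function emit(entry) {
            split(entry, p, "_")
            if (p[2] == "ssh" || p[2] == "22") print p[1]
        }
        # Numbered form: EXTERN_TCP_PORT0="source port"
        /^[ \t]*EXTERN_TCP_PORT[0-9]+=/ {
            v = $2; gsub(/^ +| +$/, "", v); sub(/ +/, "_", v); emit(v)
        }
        # Space-delimited form: EXTERN_TCP_PORTS="source_port source_port"
        /^[ \t]*EXTERN_TCP_PORTS=/ {
            n = split($2, e, " "); for (i = 1; i <= n; i++) emit(e[i])
        }'
}

# Succeeds (exit 0) when the file uses both entry forms at once.
mixes_forms() {
    sed 's/#.*//' "$1" | awk '
        /^[ \t]*EXTERN_TCP_PORT[0-9]+=/ { n = 1 }
        /^[ \t]*EXTERN_TCP_PORTS=/      { s = 1 }
        END { exit !(n && s) }'
}

# Report each ssh source; return 1 if ssh is open to any source.
audit_ssh() {
    rc=0
    for src in $(ssh_sources "$1"); do
        case $src in
            0/0|0.0.0.0/0) echo "OPEN: ssh allowed from any source ($src)"; rc=1 ;;
            *)             echo "ok: ssh allowed from $src" ;;
        esac
    done
    return $rc
}

# Constructed sample input (not taken from a real router).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# trusted admin host and office network
EXTERN_TCP_PORT0="1.2.3.4 ssh"
EXTERN_TCP_PORT1="2.3.4.5/29 ssh"
EXTERN_TCP_PORT2="0/0 www"
EOF
audit_ssh "$sample" && echo "ssh is restricted to the listed sources"
```
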