Hi All, I am setting up an openbsd 4.5 stable based pf firewall and was wondering if there is a way to make it so only certain users could log in from certain IP addresses. I have authpf set up and working well, but the problem is if someone that isn't coming from one of my "safe" ip addresses, i don't want them to be able to log in using a login name that has a standard shell like ksh. I saw the "Match" statement for sshd but it looks like the only things that can be set are: AllowAgentForwarding, AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, MaxAuthTries, MaxSessions, PasswordAuthentication, PermitEmptyPasswords, PermitOpen, PermitRootLogin, RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset, X11Forwarding and X11UseLocalHost. none of which would allow for what i'm trying. (if i'm understanding this correctly)
I'm trying to have authpf authenticate people before they are able to use certain services behind the firewall, i.e. pptp server, pop server etc., while allowing certain people from static IP addresses to actually log into the openbsd firewall. Any ideas greatly appreciated. Thanks in advance. Aaron Martinez
