[SSHd] Limiting access from authorized IP's

FreeBSD - Wire Consulting freebsd at wire-consulting.com
Fri Apr 18 17:14:19 UTC 2008


Hi,

Gilles wrote:
> I don't have a firewall on that host because there's already a NAT
> router connecting the LAN to the Net.
>   
I don't know your setup, but I'm pretty sure you can run the packet
filter on your host anyway.
You don't need to configure NAT to run your host firewall.
> I'll just add the following to /etc/ssh/sshd_config, and restart the
> service:
>
> AllowHosts 192.168.0 82.x.x.x
>   
OK!
> BTW, is the SSHd that comes with the system good enough, or should I
> upgrade to what's in /usr/ports/security/ssh2?
>   
For me base system ssh works like a sharm.
IMO, you only want to "upgrade" if you need a specific feature that is
not available on system SSH.

Pedro


More information about the freebsd-questions mailing list