Article: Exploring the Mac OS X Firewall
Subject: Hostname in rules?
Date: 2005-03-16 10:52:06
From: Brad_Fleming

I have an OSX machine that serves in a dynamic IP environment. I would like to add a rule requiring all ssh connections to originate from a *.house.domain.edu IP. The problem is that users can easily get an IP from several different subnets because they move from one building to another fairly often (what with meetings and wireless). Is this possible? If so, can somebody please help me with the syntax used? Thanks in advance.

Hostname in rules?
2005-03-17 01:22:33 peterhickman

allow tcp from fred.house.domain.edu to any 22 in
I'm not sure that you could use a * instead of the fred. You would probably have to iterate all possible values for *. The only way to find out is to try it.
Do you have the netmask for *.house.domain.edu? You could use that.
allow tcp from xxx.xxx.0.0/24 to any 22 in
Is there another way of approaching this? Could you just allow only the various private address ranges in and exclude the rest, assuming that the *.house.domain.edu are all private?
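
The netmask approach from the reply above, as an added example that is not part of the original thread: a shell script that prints ipfw commands allowing inbound SSH only from listed CIDR blocks and denying the rest. The RFC 1918 ranges, the starting rule number 2000 and the function names are assumptions; ipfw resolves a hostname once, when the rule is added, so the script accepts only numeric blocks and refuses names and wildcards.

```shell
#!/bin/sh
# Added example: print (not execute) ipfw commands that limit inbound SSH
# to a list of CIDR blocks. Review the output before running it as root.

# Assumption: clients sit in RFC 1918 private space, as the reply supposes.
# Replace with the real subnets behind *.house.domain.edu.
SSH_SOURCES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# is_cidr ADDR: succeed only for a dotted quad with a /0-/32 prefix, so
# hostnames and wildcards are rejected rather than handed to ipfw.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_ssh_rules START SRC...: emit one allow rule per source, numbered from
# START in steps of 10, then a deny rule for every other SSH source.
# Emits nothing and returns 1 if any source is invalid, so a typo cannot
# leave only the deny rule behind.
gen_ssh_rules() {
    num=$1; shift
    for src in "$@"; do
        is_cidr "$src" || { echo "not a CIDR block: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "ipfw add $num allow tcp from $src to any 22 in"
        num=$((num + 10))
    done
    echo "ipfw add $num deny tcp from any to any 22 in"
}

# Hypothetical starting rule number; pick one that sorts before any
# existing rule that already accepts port 22.
gen_ssh_rules 2000 $SSH_SOURCES
```

The deny rule only takes effect if no lower-numbered rule already accepts SSH, so check the existing order with `ipfw list` first.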