Article:   Exploring the Mac OS X Firewall
Subject:   Hostname in rules?
Date:   2005-03-16 10:52:06
From:   Brad_Fleming
I have an OSX machine that serves in a dynamic IP environment. I would like to add a rule requiring all ssh connections to originate from a *.house.domain.edu IP. The problem is that users can easily get an IP from several different subnets because they move from one building to another fairly often (what with meetings and wireless). Is this possible? If so, can somebody please help me with the syntax used? Thanks in advance.

  • Hostname in rules?
    2005-03-17 01:22:33  peterhickman

    While you can have rules like

    allow tcp from fred.house.domain.edu to any 22 in

    I'm not sure that you could use a * instead of the fred. You would probably have to iterate all possible values for *. The only way to find out is to try it.

    Do you have the netmask for *.house.domain.edu? You could use that.

    allow tcp from xxx.xxx.0.0/24 to any 22 in

    Is there another way of approaching this? Could you just only allow the various private address ranges in and exclude the rest, assuming that the *.house.domain.edu are all private?
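
The subnet approach suggested in the reply above, as an added example that is not part of the original thread: a small script that turns a list of CIDR blocks into ipfw commands allowing ssh from those networks and denying it from everywhere else. The RFC 1918 ranges, the rule numbers and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it never runs ipfw itself.
# Assumption: *.house.domain.edu clients sit in the RFC 1918 private ranges.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# valid_cidr A.B.C.D/N: succeed only for a well-formed IPv4 CIDR block.
# Hostnames are rejected on purpose: ipfw resolves a name once, when the
# rule is added, so a name-based rule goes stale in a dynamic-IP network.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    bits=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_rules START NET...: print one allow rule per network, then a deny.
# Rule numbers (START, step 10) are hypothetical; fit them to your ruleset.
ssh_rules() {
    num=$1; shift
    # Validate everything first: a partial list must not be emitted.
    for net in "$@"; do
        if ! valid_cidr "$net"; then
            echo "invalid network '$net'; no rules emitted" >&2
            return 1
        fi
    done
    for net in "$@"; do
        echo "ipfw add $num allow tcp from $net to any 22 in"
        num=$((num + 10))
    done
    echo "ipfw add $num deny tcp from any to any 22 in"
}

ssh_rules 2000 $PRIVATE_NETS
```

Review the printed commands before running them as root, and make sure the deny rule's number falls before any broader allow rule already in the ruleset.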