Hi, I personally have all ssh and similar ports closed on my servers. If I want to connect to the server via ssh or whatever function, I log in to a hidden php which adds my current IP to a sql table. I use sql because I'm not the only one using this and want to keep track of which admin is logging in. A cron job runs every minute, looking in the table, adding the new IP addresses to the pf include file and reloading PF.
Every night at 4am, I empty the text file and reload pf. I know that this could be done more elegantly, but KISS is what I like. In addition, I have tcpserver running a perl script on a non-privileged port to add an IP to the sql tables if apache fails.

#!/bin/sh
### MySQL Setup ###
MUSER="username"
MPASS="password"
MHOST="localhost"
MYSQL="/usr/local/bin/mysql"
#
### Get all new IP addresses (rows added within the last 60 seconds) ###
DBS="$($MYSQL -u "$MUSER" -h "$MHOST" -p"$MPASS" -Bse 'select ipAddress from intranet.ipCleared WHERE `timestamp` > (UNIX_TIMESTAMP()-60)')"
for ip in $DBS
do
    ## this bit is emailed to me over cron run-output if a new IP address was found
    echo "$ip" >> /usr/local/etc/pf/pf.VNCallow
    echo "Added $ip to VNC Access from MYSQL Table"
    /etc/rc.d/pf reload
done
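
Added example, not part of the original post: a variant of the loop above that checks each value read from the SQL table is a plain IPv4 address before it is appended to the pf include file, skips addresses already listed, and returns a count so pf can be reloaded once. The function names, the sample rows and the IPv4-only restriction are assumptions made for illustration.

```shell
#!/bin/sh
# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe unquoted: only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read candidate addresses from stdin, append the valid, not yet listed
# ones to the table file "$1", and print how many were added.
add_new_ips() {
    table_file=$1
    added=0
    while IFS= read -r candidate; do
        if ! is_ipv4 "$candidate"; then
            echo "Rejected invalid entry from SQL table" >&2
            continue
        fi
        # -x whole line, -F fixed string: 10.0.0.1 must not match 10.0.0.10
        if grep -qxF -- "$candidate" "$table_file" 2>/dev/null; then
            continue
        fi
        printf '%s\n' "$candidate" >> "$table_file"
        added=$((added + 1))
    done
    echo "$added"
}

# Assumed use in the cron job: reload pf once, and only if something changed.
#   n=$($MYSQL ... -Bse '...' | add_new_ips /usr/local/etc/pf/pf.VNCallow)
#   [ "$n" -gt 0 ] && /etc/rc.d/pf reload

# Constructed sample rows: a duplicate, a CIDR that would open the port to
# everyone, a value with trailing pf syntax, and an out-of-range octet.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 203.0.113.7 203.0.113.7 '0.0.0.0/0' '198.51.100.9 }' \
        192.0.2.300 198.51.100.9 | add_new_ips "$tmp" 2>/dev/null
    rm -f "$tmp"
}
demo   # prints 2
```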