Something like:

    pass in quick on $ext_if from { $friendly_networks } to any port ssh keep state
    block in on $ext_if from any to any port ssh

should work. You can place "$friendly_networks" into a table that
gets loaded from a file if the list is large. And/or update it via
pfctl on the fly.

On 7/6/06, Bharj, Gagan <[EMAIL PROTECTED]> wrote:
Hello Folks,
Our server is getting hammered on a daily basis by IPs trying to open an ssh
session. Currently, I'm manually putting the subnets (in a pf table) that are
repeatedly trying to get in. As you can see, this list will eventually get
very big and will be unmaintainable. Is there any way that I can say only
allow IP addresses from particular ISPs or domains?
Regards,
Gagan
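
The table-based allowlist suggested in the reply, written out as an added example that is not part of the original thread. The interface name, the table file path /etc/pf.friendly and the addresses (documentation ranges) are assumptions; tables are referenced with angle brackets rather than as a macro.

```conf
# /etc/pf.conf fragment (constructed example, not from the thread)
ext_if = "em0"                      # assumed external interface name

# Table of networks allowed to reach sshd. "persist" keeps the table
# in memory even when no rule references it; "file" loads one address
# or CIDR block per line (lines starting with # are comments).
table <friendly_networks> persist file "/etc/pf.friendly"

# "quick" makes the pass rule final for matching packets, so the
# block rule below only ever applies to ssh traffic from everyone else.
# ssh runs over TCP, so both rules are limited to proto tcp here.
pass in quick on $ext_if proto tcp from <friendly_networks> to any port ssh keep state
block in on $ext_if proto tcp from any to any port ssh

# /etc/pf.friendly (constructed contents, documentation address ranges):
#   192.0.2.0/24
#   198.51.100.17
#
# Maintaining the table on the fly with pfctl, without reloading the ruleset:
#   pfctl -t friendly_networks -T show                         # list entries
#   pfctl -t friendly_networks -T add 203.0.113.0/24           # add a network
#   pfctl -t friendly_networks -T delete 198.51.100.17         # remove an entry
#   pfctl -t friendly_networks -T replace -f /etc/pf.friendly  # resync from file
#
# Check syntax before loading the ruleset:
#   pfctl -nf /etc/pf.conf
```

Entries added with `pfctl -T add` live only in memory, so write them to the table file as well if they should survive a reboot or a full ruleset reload.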