[lug] firewall trickery
Daniel Webb
lists at danielwebb.us
Tue Jan 31 20:46:59 MST 2006
On Tue, Jan 31, 2006 at 04:43:05PM -0700, Ken MacFerrin wrote:
> I'm not sure on the iptables questions but another way to approach the
> problem could be to start multiple instances of sshd on the server, each
> with an individual config file listening on different ports. You could
> then use the "AllowUsers" directive to restrict access to each instance
> by user.

Wow, thanks. I was making that a lot harder than it is, huh? I guess I
didn't consider that solution because I thought the overhead would be large,
but sure enough it's trivial:

    for f in $(seq 20000 20200); do sshd -o "AllowUsers user" -o "port $f"; done

uses 2MB more memory than before.

I'm still curious about the iptables questions, but I could probably die happy
without knowing.
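
Added example, not part of the original message: a sketch of the per-instance config file approach Ken describes, with one file per port that carries its own AllowUsers line, plus an audit pass that catches an instance left open to every account or two instances sharing a port. The "port user" mapping format, the file naming and the PidFile path are assumptions made for illustration.

```shell
#!/bin/sh
# Usage (hypothetical paths):
#   gen_sshd_configs ports.map /etc/ssh/instances
#   audit_sshd_configs /etc/ssh/instances
# Each generated file can then be syntax-checked with: sshd -t -f FILE

# gen_sshd_configs MAPFILE OUTDIR: write one config per "port user" line.
gen_sshd_configs() {
    map=$1; out=$2
    mkdir -p "$out" || return 1
    while read -r port user; do
        case $port in ''|\#*) continue ;; esac   # skip blanks and comments
        # Refuse anything that is not a valid TCP port or a plain login name.
        case $port in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        case $user in ''|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1 ;; esac
        {
            echo "Port $port"
            echo "AllowUsers $user"
            echo "PidFile /var/run/sshd_$port.pid"   # assumed location
        } > "$out/sshd_$port.conf"
    done < "$map"
}

# audit_sshd_configs DIR: fail if a config lacks AllowUsers or two share a port.
audit_sshd_configs() {
    dir=$1; rc=0; seen=" "
    for f in "$dir"/sshd_*.conf; do
        [ -f "$f" ] || continue
        p=$(awk 'tolower($1)=="port"{print $2; exit}' "$f")
        p=${p:-22}   # sshd listens on 22 when no Port line is given
        if ! awk 'tolower($1)=="allowusers" && NF>1{ok=1} END{exit !ok}' "$f"; then
            echo "$f: no AllowUsers, any account may log in" >&2; rc=1
        fi
        case $seen in *" $p "*) echo "$f: port $p already used" >&2; rc=1 ;; esac
        seen="$seen$p "
    done
    return $rc
}
```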