Yeah, I finally got tired of watching überl33t h@XX0rZ¹ try to break into my ftpd and sshd. So, after some dinking around with pf (which had the additional benefit of me growing slightly stronger in the fu of pf, learning a detail I hadn't picked up on before), I'm now allowing ssh and ftp connections only from pre-authorized hosts. If you ever have a reason to ssh here, and you're not already authorized, you'll have to get in touch with me and get the host you want to connect from authorized. (This pretty much only applies to ilcylic and wolfspaw at this point.)
[1] In their wet dreams, anyway.
no subject
First, because I tried it with tcpwrappers and it didn't appear to be working (possibly because the hosts are behind NAT and the connections appear to be coming from the firewall, which is an authorized internal host).
Second, because by using pf to block the unauthorized connections right at the firewall, I can block them for all internal hosts, and update the allowed list for all hosts, simply by updating one pf rule.
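A sketch of the kind of pf.conf rules this setup describes, added here as an illustration and not the author's actual ruleset. The interface name, table name and addresses are assumptions (the addresses are documentation ranges), and a pf table stands in for the single rule mentioned above.

```pf
# Constructed example: em0, <trusted> and all addresses are placeholders.
ext_if = "em0"

# Pre-authorized source hosts. "persist" keeps the table loaded even when
# no rule references it, so it can be edited at runtime.
table <trusted> persist { 192.0.2.10, 198.51.100.0/28 }

# pf uses the last matching rule, so the pass below overrides this block
# for trusted sources only. Filtering on the external interface sees the
# real source address, before any NAT or redirection hides it from the
# internal hosts, and covers the firewall and everything behind it.
block in on $ext_if proto tcp from any to any port { ssh, ftp }
pass  in on $ext_if proto tcp from <trusted> to any port { ssh, ftp }

# This covers the ftp control connection only; data channels usually
# need ftp-proxy(8) or an explicit passive port range.

# Authorize or remove a host without reloading the ruleset:
#   pfctl -t trusted -T add 203.0.113.5
#   pfctl -t trusted -T delete 203.0.113.5
#   pfctl -t trusted -T show
```

Run `pfctl -nf /etc/pf.conf` to syntax-check the file before loading it with `pfctl -f /etc/pf.conf`.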