[clug] [OT] IP range of a domain?

Robert Brockway robert at timetraveller.org
Wed Jan 20 23:24:40 MST 2010

On Thu, 21 Jan 2010, Carlo Hamalainen wrote:

> I want to drop all incoming ssh connections to my server apart from a
> few IP addresses plus my current home ADSL. When I had Internode I was

Have you considered running a VPN between your server and your home DSL? 
This sidesteps the entire problem.   You can access your server over your 
VPN link and don't have to worry about allowing a dynamically assigned 
address through the firewall.  OpenVPN would accept connections from any 
address but it can use a key pair for authentication.

If you do then OpenVPN is good choice.

Other options you may like to consider:

* Blocking password access for ssh and using key auth only.

* Enabling 'fail2ban' to block brute force attacks against sshd on the 
server, if you are using password auth.



Email: robert at timetraveller.org
IRC: Solver
Web: http://www.practicalsysadmin.com
I tried to change the world but they had a no-return policy

More information about the linux mailing list