I agree with James: ACLs (ACcess Lists) are the solution to your problem.
You can use iptables to block SSH traffic directed to a specific IP or
subnet.
There are many good articles on the web (just Google for "iptables block
traffic") but you may want to start from the manpage :)
http://www.die.net/doc/linux/man/man8/iptables.8.html
-mw
On 4/11/06, James Knott
M. Edwin wrote:
Hi list,
Some of our user here use SSH to the server. But some of them use ssh tunnelling to connect to proxy outside our network which is not allowed. Is there anyway to block this tunneling without blocking ssh traffic? Any help would be appreciated.
You could filter at the firewall according to addresses. However, there's no way to know what ssh is being used for.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com