3 Oct
2001
3 Oct
'01
09:38
My intention is, to allow a connect from a specific host outside our lan. Therefore i want to restrict the client-port's, to 1000-1023. never ever restict the client's source port. it is unnecessary. it can be faked. it just isn't useful at all. The client is untrusted until it is authenticated. if you want to connect from a specific host, why not allow the whole IP for ssh?
Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \