Filtering on a user account

Hello,

I'm working with FreeBSD 7.0.

I'd like to have a rule of type encrypted access (port 22: SSH or SFTP) filtering on a user account.

In short: From IP1, being able to 'ssh user1@IP2', but not being able to 'ssh user2@IP2'.

Is this possible?

Thank you.
 
Philippe said:
In short: From IP1, being able to 'ssh user1@IP2', but not being able to 'ssh user2@IP2'.

Is this possible?
Configure the SSH server to deny user2 access.
 
Philippe said:
Is there a rule to do that on PF?
No, simply because a firewall cannot 'see' which username is used for the SSH session.
A firewall works on layer 3/4, you want to filter at layer 7.
 
PF can only filter users/groups on the firewall machine itself, and then it only applies to local sockets owned by a user/group. As SirDice noted, that is entirely different from allowing users to connect to a daemon behind a firewall. No one knows who the user is until after the connection has been made and the authentication starts ...
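
The server-side restriction suggested in the replies above, as an added example that is not part of the original posts: an sshd_config fragment for the machine at IP2, using OpenSSH's USER@HOST pattern form. The address 192.0.2.10 is a constructed stand-in for IP1.

```conf
# /etc/ssh/sshd_config on the SSH server (IP2) -- fragment only.
# 192.0.2.10 is a constructed placeholder for IP1.

# Refuse logins as user2 when the client address is IP1.
# user2 can still log in from other addresses, and user1 is unaffected.
# The TCP connection on port 22 is still accepted; the refusal happens
# during authentication, which is the first point where the username exists.
DenyUsers user2@192.0.2.10

# To refuse user2 from every address, drop the @HOST part instead:
#DenyUsers user2

# Stricter alternative (allow-list). Once AllowUsers is set, ONLY the listed
# user/host pairs may log in; everyone else is refused, including admins
# connecting from other addresses. DenyUsers is checked before AllowUsers.
#AllowUsers user1@192.0.2.10

# Use an IP address rather than a hostname in the HOST part so the match
# does not depend on reverse DNS for the client.
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open while testing so a mistake in the allow-list cannot lock you out.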
 
Thank you for your answer.

I understand why this is not possible.

Is there a plugin to do that?

A plugin to have PF layer 7 in fact...
 