05-10-2016
Hi dukessd,
Thanks for your reply.
But when I use AIX filtering (ipsec), I can only restrict by IP address.
How do I restrict a specific user's login?
For example:
user alice can log in to AIX (via ssh or telnet) from 192.168.1.100
user bob cannot log in to AIX (via ssh or telnet) from 192.168.1.100
I do not want all users to be unable to log in to AIX from 192.168.1.100.
shorewall-exclusion
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)
NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclamation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
form lowaddress-highaddress
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of addresses is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an implicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:

    #ZONE     TYPE
    z1        ip
    z2:z1     ip
    ...

/etc/shorewall/policy:

    #SOURCE   DEST      POLICY
    z1        net       CONTINUE
    z2        net       REJECT

/etc/shorewall/rules:

    #ACTION   SOURCE    DEST      PROTO     DEST
    #                                       PORT(S)
    ACCEPT    all!z2    net       tcp       22

In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.2.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
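An added example (not part of the Shorewall manual or its code) that evaluates the first form of exclusion over IPv4 hosts, CIDR networks and low-high ranges, so an expression can be checked against test addresses before it goes into a rules file. It also models the two ipset list forms as boolean functions. All function names are hypothetical, and zone names or ipset names as list items are not handled.

```python
import ipaddress

ALL_IPV4 = [(0, 2**32 - 1)]

def _parse_item(item):
    """Return (low, high) integer bounds for a host, CIDR network or low-high range."""
    if "-" in item:
        low, high = (ipaddress.IPv4Address(p) for p in item.split("-", 1))
        if low > high:
            raise ValueError(f"range is reversed: {item}")
        return int(low), int(high)
    net = ipaddress.IPv4Network(item, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def _parse_list(text):
    return [_parse_item(i) for i in text.split(",") if i]

def parse_exclusion(spec):
    """Split 'include!exclude' into two lists of (low, high) bounds."""
    if any(c.isspace() for c in spec):
        raise ValueError("no embedded whitespace is allowed")
    include, sep, exclude = spec.partition("!")
    if sep and not exclude:
        raise ValueError("'!' must be followed by at least one address")
    # A spec that starts with '!' has no include list: it means all addresses.
    return (_parse_list(include) or ALL_IPV4), _parse_list(exclude)

def matches(spec, addr):
    """True if addr is in the include list and not removed by the exclusion."""
    include, exclude = parse_exclusion(spec)
    a = int(ipaddress.IPv4Address(addr))
    def inside(bounds):
        return any(lo <= a <= hi for lo, hi in bounds)
    return inside(include) and not inside(exclude)

def ipset_not_list(in_sets):
    """!+[set1,...,setN]: NOT set1 OR NOT set2 ... OR NOT setN."""
    return not all(in_sets)

def ipset_list_of_nots(in_sets):
    """+[!set1,...,!setN]: NOT set1 AND NOT set2 ... AND NOT setN."""
    return not any(in_sets)

if __name__ == "__main__":
    spec = "192.168.1.0/24!192.168.1.3,192.168.1.9"   # Example 4 above
    for ip in ("192.168.1.4", "192.168.1.9", "192.168.2.4"):   # constructed test addresses
        print(ip, matches(spec, ip))
    # A packet that is in set1 but not in set2 shows how the two ipset forms differ.
    print(ipset_not_list([True, False]), ipset_list_of_nots([True, False]))
```

For a packet that belongs to some but not all of the listed sets, `!+[...]` matches while `+[!...]` does not, which is the case to test when converting a rule from one form to the other.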
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)