I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them.

I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-routable, and therefore unsuitable for use with SSH, aside from communication between other servers on the same subnet.

Given that we may want to exclude those non-routable subnets / VLANs from SSH use, I am proposing that, rather than listing all of the acceptable VLANs for listeners, we use the following format to build an exclusion list.

That would be like

    ListenAddress 0.0.0.0
    ListenAddress !192.168.0.0/24
    ListenAddress !192.168.1.0/24

I have searched through the man pages and OpenSSH documentation and have found nothing on this kind of configuration, with everyone talking about using tcp wrappers or iptables to block ssh from accepting connections on different subnets.

I feel that this would be a simpler way to prevent ssh from even starting on those subnets.

Thanks for your time and consideration.

Larry Becke

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
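
The exclusion list described above can be approximated with the plain "ListenAddress address" form by generating one line per local address that falls outside the excluded subnets. The sketch below is an added example, not part of the original message or of OpenSSH; the function name listen_directives, the sample addresses, and the choice to skip link-local addresses are assumptions.

```python
import ipaddress


def listen_directives(local_addrs, excluded_nets):
    """Return sshd_config ListenAddress lines for every local address
    that is not inside one of the excluded networks."""
    # strict=True rejects a typo such as 192.168.0.1/24 (host bits set)
    # instead of silently excluding a different range than intended.
    nets = [ipaddress.ip_network(n, strict=True) for n in excluded_nets]
    lines = []
    for raw in local_addrs:
        # Accept "addr" or "addr/prefix", the form interface listings print.
        addr = ipaddress.ip_interface(raw).ip
        if addr.is_link_local:
            # Assumption: link-local addresses need a scope/interface
            # qualifier to bind, so they are left out of the output.
            continue
        if any(addr.version == n.version and addr in n for n in nets):
            continue  # inside an excluded subnet: no listener here
        lines.append(f"ListenAddress {addr}")
    return lines


# Constructed sample data: addresses a multi-homed server might hold.
SAMPLE_LOCAL = [
    "10.20.30.5/24",
    "192.168.0.17/24",   # non-routable subnet from the proposal
    "192.168.1.17/24",   # non-routable subnet from the proposal
    "172.16.4.9/16",
    "2001:db8::5/64",
    "fe80::1/64",        # link-local, skipped
]
SAMPLE_EXCLUDED = ["192.168.0.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    print("\n".join(listen_directives(SAMPLE_LOCAL, SAMPLE_EXCLUDED)))
```

The generated list is a snapshot: sshd binds to the listed addresses when it starts, so the lines need regenerating whenever the host's addresses change. Running sshd -t after writing them checks that the resulting configuration parses.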