Hi,

On Mon, Jun 23, 2014 at 11:39:48AM -0500, Larry Becke wrote:
> I feel that this would be a simpler way to prevent ssh from even starting
> on those subnets.

Implementation would be fairly complex - there is no way to tell the
socket API "Listen on 'any' but exclude *those*", so you'd have to
enumerate all IP addresses the machine has (which might change during
sshd lifetime), then match that with the exclude list, and use the
result for many individual bind()s.

As this is portability madness, I'd really avoid going there... (though
I'm not an OpenSSH developer, just a sysadmin having run into issues with
that with other software on more exotic platforms).

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@xxxxxxxxxxxxxx
fax: +49-89-35655025                        gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
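
The steps described in the message above (take the machine's addresses, match them against the exclude list, bind each remaining address individually), as an added Python example that is not part of the original post and is not OpenSSH code. The function names and the sample addresses are constructed for illustration; the address list is passed in rather than discovered, since enumerating interfaces is the platform-specific part, and the output uses sshd_config's `ListenAddress` directive.

```python
import ipaddress

# Constructed sample data (documentation ranges), not taken from the thread.
LOCAL = ["127.0.0.1", "192.0.2.10", "10.20.0.5", "2001:db8:1::5", "::1"]
EXCLUDED = ["10.20.0.0/16", "2001:db8:1::/48"]


def listen_addresses(local_addrs, excluded_subnets):
    """Local addresses that fall outside every excluded subnet, in input order."""
    nets = [ipaddress.ip_network(s, strict=False) for s in excluded_subnets]
    allowed = []
    for text in local_addrs:
        addr = ipaddress.ip_address(text)
        # Compare only within one address family (IPv4 vs IPv6).
        if any(addr.version == n.version and addr in n for n in nets):
            continue
        allowed.append(addr)
    return allowed


def render_sshd_config(addrs, port=22):
    """One explicit ListenAddress line per address; IPv6 needs brackets before :port."""
    return [
        f"ListenAddress [{a}]:{port}" if a.version == 6 else f"ListenAddress {a}:{port}"
        for a in addrs
    ]


def drift(bound, local_now, excluded_subnets):
    """Compare the set bound at startup with what the host has now.

    Returns (unbound, stale): addresses sshd should listen on but does not,
    and addresses it was configured for that no longer exist.
    """
    wanted = listen_addresses(local_now, excluded_subnets)
    unbound = [a for a in wanted if a not in bound]
    stale = [a for a in bound if a not in wanted]
    return unbound, stale


if __name__ == "__main__":
    bound = listen_addresses(LOCAL, EXCLUDED)
    print("\n".join(render_sshd_config(bound)))
    # Constructed later snapshot: one address removed, two added (one excluded).
    later = ["127.0.0.1", "10.20.0.9", "198.51.100.7", "::1"]
    print(drift(bound, later, EXCLUDED))
```

The `drift` result shows the lifetime problem the message raises: a list computed once at startup goes out of date as soon as an interface address is added or removed.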