Hi,
On Mon, Jun 23, 2014 at 11:39:48AM -0500, Larry Becke wrote:
> I feel that this would be a simpler way to prevent ssh from even starting
> on those subnets.
Implementation would be fairly complex - there is no way to tell the
socket API "Listen on 'any' but exclude *those*", so you'd have to
enumerate all IP addresses the machine has (which might change during
sshd lifetime), then match that with the exclude list, and use the result
for many individual bind()s.
As this is portability madness, I'd really avoid going there... (though
I'm not an OpenSSH developer, just a sysadmin having run into issues with
that with other software on more exotic platforms).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@xxxxxxxxxxxxxx
fax: +49-89-35655025 gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
