Add rules to pf via ssh from cell phone

На случай экстренного открытия доступа к ssh с мобильного телефона через midpSSH:
[root@gw /usr/local/etc]# touch pf_temp_ssh && chown mobileuser:mobileuser pf_temp_ssh
[root@gw /usr/local/etc]# cat pf.conf | grep temp
table <pf_temp_ssh> persist file "/usr/local/etc/pf_temp_ssh"
pass in on $ext_if proto tcp from <pf_temp_ssh> to <ext_ip> port ssh keep state
[root@gw /usr/local/etc]# cat sudoers | grep mobileuser
mobileuser ALL=/sbin/pfctl
Note: with no argument list, `ALL=/sbin/pfctl` lets mobileuser run pfctl with any options — including `pfctl -d` (disable pf) and `pfctl -F all` (flush every rule) — so a lost phone or a hijacked midpSSH session can switch the firewall off. Restrict the entry to the one invocation the script actually uses, e.g. `mobileuser ALL=(root) /sbin/pfctl -f /usr/local/etc/pf.conf`.
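#!/usr/bin/env bash
# (env lookup rather than /bin/bash: on FreeBSD, where /usr/local/etc/pf.conf
# lives, bash is a port installed under /usr/local/bin.)

# copyright (c) 2010 vprokofyev.blogspot.com <v.prokofyev@gmail.com>

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program (see the file COPYING); if not, write to the
# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
# MA 02110-1301 USA.

# usage: pfadd <ipv4-address[/prefix]>
#
# Emergency helper for the "ssh from the phone" workflow: appends the given
# IPv4 address (or CIDR network) to the file behind the pf table
# <pf_temp_ssh> and reloads pf.conf so the matching
# "pass in ... from <pf_temp_ssh> ... port ssh" rule lets it in.
# The table file must be writable by the invoking user (it is chown'ed to
# mobileuser in the setup); pfctl runs through sudo.
# Nothing here ever removes entries — prune the table file by hand once the
# emergency access is no longer needed.

# Must match the path in pf.conf:
#   table <pf_temp_ssh> persist file "/usr/local/etc/pf_temp_ssh"
# (the earlier version appended to /usr/local/etc/temp_ssh, a file pf
# never reads, so every "pf.conf loaded" was a false success).
readonly table_file=/usr/local/etc/pf_temp_ssh
readonly pf_conf=/usr/local/etc/pf.conf

# Dotted quad with an optional /prefix.
# Single-quoted on purpose: an unquoted assignment lets the shell strip the
# backslashes, turning "\." into "." (any character), so inputs such as
# "1x2x3x4" used to pass the check. Numeric ranges are enforced in
# valid_ipv4 — a regex alone cannot reject 999.
readonly ip_regexp='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'

#######################################
# Validate an IPv4 address or network for use as a pf table entry.
# Globals:   ip_regexp (read)
# Arguments: $1 - candidate string
# Returns:   0 if it is a.b.c.d or a.b.c.d/n with 0 <= octet <= 255 and
#            0 <= n <= 32; 1 otherwise (including empty input)
#######################################
valid_ipv4() {
  local candidate=${1:-} i
  [[ $candidate =~ $ip_regexp ]] || return 1
  for i in 1 2 3 4; do
    # 10# forces decimal so "08" is not read as (invalid) octal
    (( 10#${BASH_REMATCH[i]} <= 255 )) || return 1
  done
  if [[ -n ${BASH_REMATCH[6]:-} ]]; then
    (( 10#${BASH_REMATCH[6]} <= 32 )) || return 1
  fi
  return 0
}

#######################################
# Entry point: validate, append to the table file, reload pf.
# Arguments: $1 - address or network to allow
# Outputs:   "pf.conf loaded" on stdout on success; diagnostics on stderr
# Returns:   0 on success, 1 on bad input or when the append/reload fails
#######################################
main() {
  local addr=${1:-}

  if ! valid_ipv4 "$addr"; then
    printf 'Specify valid IP address\n' >&2
    printf 'usage: %s <ipv4-address[/prefix]>\n' "${0##*/}" >&2
    return 1
  fi

  # addr is validated above, so it cannot smuggle a second table entry or
  # pf syntax (newlines, "-F all", ...) into the file.
  if ! printf '%s\n' "$addr" >> "$table_file"; then
    printf 'cannot write %s\n' "$table_file" >&2
    return 1
  fi

  # Reload the whole ruleset; the "persist file" table picks up the new
  # entry. Report failure instead of claiming success unconditionally.
  if ! sudo pfctl -f "$pf_conf"; then
    printf 'pfctl -f %s failed; %s was appended but not loaded\n' \
      "$pf_conf" "$table_file" >&2
    return 1
  fi
  echo "pf.conf loaded"
}

main "$@"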
