#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: 300-ssh-clients,v 1.3 2001/10/16 05:59:40 dholmes Exp $
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept
#i# cluster
#n# ssh
#t# clients
#
#   |--------------------------------------------------------------------|
#d# Although SSH encrypts a session, anyone with a valid user ID and
#d# password can log in. If you've disabled password logins and only
#d# permit public/private key authentication, this might be a little
#d# more secure.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Choose the chain pair for this module. With no cluster name set, the
# parent's INCHAIN/OUTCHAIN are used as they are; otherwise they are swapped.
# NOTE(review): why cluster mode reverses the two chains is not visible in
# this module -- confirm against the parent script.
if [ -z "$CLUSTER_NAME" ]
then
	inchain="$INCHAIN"
	outchain="$OUTCHAIN"
else
	inchain="$OUTCHAIN"
	outchain="$INCHAIN"
fi

# One pair of rules per permitted SSH client. The helper's output is left
# unquoted on purpose so that it word-splits into individual hosts; it is
# therefore also subject to pathname expansion, so the option value is
# presumably an administrator-maintained list of plain addresses -- a glob
# character in it would be expanded against the current directory.
#
# $SSHPORTS and $LOG are likewise expanded unquoted; presumably they may be
# empty or hold more than one word (TODO confirm in the parent script).
#
# Neither ipchains exit status is checked here, so a failed append of one
# rule of the pair goes unreported by this module.
for host in $(Option_Value accept $INTOPT ssh clients)
do
	echo "Accept $INTOPT $IPADDR SSH <- $host SSH $LOG_MSG"

	# Client -> local sshd: TCP from the client's $SSHPORTS to the ssh
	# port on $IPADDR, including the connection-opening SYN.
	ipchains -A $inchain -j ACCEPT -p tcp \
		-s $host $SSHPORTS -d $IPADDR ssh $LOG

	# Local sshd -> client: `! -y` excludes SYN-only packets, so this rule
	# cannot be used to open a new connection towards the client. ipchains
	# keeps no connection state, so every other TCP segment with these
	# addresses and ports matches, whether or not a session exists.
	ipchains -A $outchain -j ACCEPT -p tcp ! -y \
		-s $IPADDR ssh -d $host $SSHPORTS $LOG
done

# Do not leak the module's temporaries into the modules run after it.
unset outchain inchain host

