Monty J. Harder wrote:
The problem with that one is 'generally'. You never know when an ISP will change the IP range that you use in a location, and you also never know when you're going to be somewhere else and need to get in.
It might be better to have an extra layer of security for an IP outside that range. For instance, you might have it challenge the user to enter some special password (or just su to root to run a command that validates the session) and if that fails, dump them before they can do anything else.
There's also "port knocking": http://www.portknocking.org/ . In order for the firewall to open up port 22, you would have to send a special sequence of packets, e.g. attempt to connect to a specific combination of ports in a specific order.
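The port-knocking idea described above, as an added example that is not part of the original post: a small per-source state machine that only allows port 22 after the knock ports were hit in the right order. The knock ports, the time window, the grant lifetime and the sample events are all assumptions constructed for this sketch; a real deployment would enforce the same logic in the firewall.

```python
from dataclasses import dataclass, field

# Assumed values for this example: knock ports, time window, grant lifetime.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_WINDOW = 10.0    # seconds allowed to complete the whole sequence
GRANT_LIFETIME = 30.0  # seconds port 22 stays open for that source

@dataclass
class KnockGate:
    sequence: tuple = KNOCK_SEQUENCE
    progress: dict = field(default_factory=dict)  # src -> (next index, start time)
    grants: dict = field(default_factory=dict)    # src -> grant expiry time

    def observe(self, src, port, ts):
        """Feed one inbound connection attempt; return True if it is allowed."""
        if port == 22:
            return self.grants.get(src, 0.0) > ts
        idx, start = self.progress.pop(src, (0, ts))
        if ts - start > KNOCK_WINDOW:
            idx, start = 0, ts                    # too slow: start over
        if port == self.sequence[idx]:
            idx += 1
        else:                                     # wrong port resets progress,
            idx, start = (1, ts) if port == self.sequence[0] else (0, ts)
        if idx == len(self.sequence):
            self.grants[src] = ts + GRANT_LIFETIME
        elif idx > 0:
            self.progress[src] = (idx, start)
        return False                              # knock ports never answer

# Constructed (time, source, port) events using documentation address ranges.
EVENTS = [
    (0.0, "198.51.100.7", 22),                                # no knock at all
    (1.0, "192.0.2.10", 7000), (2.0, "192.0.2.10", 8000),
    (3.0, "192.0.2.10", 9000), (4.0, "192.0.2.10", 22),       # correct order
    (5.0, "198.51.100.7", 9000), (6.0, "198.51.100.7", 8000),
    (7.0, "198.51.100.7", 7000), (8.0, "198.51.100.7", 22),   # reversed order
    (40.0, "192.0.2.10", 22),                                 # grant expired
]

def replay(events):
    """Return the (source, allowed) decision for every port-22 attempt."""
    gate = KnockGate()
    decisions = []
    for ts, src, port in events:
        allowed = gate.observe(src, port, ts)
        if port == 22:
            decisions.append((src, allowed))
    return decisions
```

Because the grant is tied to the source that completed the sequence and expires on its own, a changed ISP range or a new location does not require editing an allow-list.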