You can usually configure a firewall to block application server connections
from all but a list of allowed IPs, but if you want to restrict certain clients
from all IPs, then there is no way to distinguish between client applications
at any time, much less at connect.
You don't lose command-line access without an application server, you just
need to use the Direct Connect syntax in the connection variables.
- V