From owner-freebsd-questions  Sat Dec 27 09:37:29 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id JAA07277
          for questions-outgoing; Sat, 27 Dec 1997 09:37:29 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from Moonraker.afsc.k12.ar.us ([170.211.144.146])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA07263
          for <freebsd-questions@FreeBSD.ORG>; Sat, 27 Dec 1997 09:37:24 -0800 (PST)
          (envelope-from bbeavers@Moonraker.afsc.k12.ar.us)
Received: (from bbeavers@localhost) by Moonraker.afsc.k12.ar.us (8.8.3/8.8.3) id MAA14399; Sat, 27 Dec 1997 12:30:48 GMT
Date: Sat, 27 Dec 1997 12:30:47 +0000 ()
From: Bill Beavers <bbeavers@Moonraker.afsc.k12.ar.us>
To: "Joe \"Marcus\" Clarke" <jmcla@ocala.cs.miami.edu>
cc: FreeBSD User Questions List <freebsd-questions@FreeBSD.ORG>
Subject: Re: PPP telnet filter
In-Reply-To: <Pine.SGI.3.96.971220173013.23844A-100000@ocala.cs.miami.edu>
Message-ID: <Pine.BSF.3.91.971227122750.14382A-100000@Moonraker.afsc.k12.ar.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


Try a hosts.allow and hosts.deny in your /etc directory.  In the 
hosts.deny, put something like...

fingerd: ALL:  (/sbin/safe_finger -l @%h | /usr/bin/mail -s %d-%h admin)
telnetd: ALL:  (/sbin/safe_finger -l @%h | /usr/bin/mail -s %d-%h admin)
ftpd:    ALL:  (/sbin/safe_finger -l @%h | /usr/bin/mail -s %d-%h admin)

in you hosts.allow file put something like

ALL: LOCAL, YOURIP#HERE, OTHERS, MORE, ETC.....



On Sat, 20 Dec 1997, Joe "Marcus" Clarke wrote:

> Hey, I'm trying to create a ppp filter that will deny telnet requests
> coming from the Internet, but allow them coming from 192.168.100/24.
> Everything I try seems to produce unwanted results.  My situation is
> this: I want the people on the Intranet (192.168.100/24) to be able to
> telnet to the server, but everyone else sholud be denied.  I hope I'm
> being clear in this.  I've tried a few o/ifilters with no real luck.  I
> always seem to block ALL telnet requests, or allow all of them.  Oh, and
> everything else should be allowed to pass normally.  I have some filters
> up to prevent ICMP keep-alive, and dial, and they work fine.  Thanks.
> 
> Joe Clarke
> 
> 

........................................
. Bill Beavers, Technology Coordinator .
. Arch Ford Education Coop             .
. bbeavers@moonraker.afsc.k12.ar.us    .
. http://moonraker.afsc.k12.ar.us      .
........................................