From owner-freebsd-questions  Sat Dec 20 15:43:40 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id PAA23242
          for questions-outgoing; Sat, 20 Dec 1997 15:43:40 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from didda.est.is (ppp-54.est.is [194.144.208.154])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA23226
          for <questions@freebsd.org>; Sat, 20 Dec 1997 15:43:20 -0800 (PST)
          (envelope-from totii@est.is)
Received: from est.is (didda.est.is [192.168.255.1])
	by didda.est.is (8.8.7/8.8.7) with ESMTP id XAA01687;
	Sat, 20 Dec 1997 23:41:46 GMT
	(envelope-from totii@est.is)
Message-ID: <349C57B9.8E75D61F@est.is>
Date: Sat, 20 Dec 1997 23:41:45 +0000
From: "Þorður Ivarsson" <totii@est.is>
X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386)
MIME-Version: 1.0
To: "Joe \"Marcus\" Clarke" <jmcla@ocala.cs.miami.edu>
CC: questions <questions@freebsd.org>
Subject: Re: PPP telnet filter
References: <Pine.SGI.3.96.971220173013.23844A-100000@ocala.cs.miami.edu>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Joe "Marcus" Clarke wrote:
> 
> Hey, I'm trying to create a ppp filter that will deny telnet requests
> coming from the Internet, but allow them coming from 192.168.100/24.
> Everything I try seems to produce unwanted results.  My situation is
> this: I want the people on the Intranet (192.168.100/24) to be able to
> telnet to the server, but everyone else sholud be denied.  I hope I'm
> being clear in this.  I've tried a few o/ifilters with no real luck.  I
> always seem to block ALL telnet requests, or allow all of them.  Oh, and
> everything else should be allowed to pass normally.  I have some filters
> up to prevent ICMP keep-alive, and dial, and they work fine.  Thanks.
> 
> Joe Clarke

One solution is to use xinetd and it works fine it is very easy to
install and maintain.

Other is to use IPfirewall through kernel. I tried following rule:
   
   ipfw add 3001 deny tcp from any to any 23 in via tun0

I am not familiar to filtering in user ppp.

-- 
Þórður Ívarsson		Thordur Ivarsson
Rafeindavirki		Electronic technician
Norðurgötu 30		Nordurgotu 30
Box 309			Box 309
602 Akureyri		602 Akureyri
Ísland			Iceland

---------------------------------------------
FreeBSD has good features,
Some others are full of unwanted features!
---------------------------------------------