Date: Sun, 27 Sep 1998 10:11:49 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
To: Muhammad Najib <najib@csi-x.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall ...
Message-ID: <Pine.BSF.3.96.980927100538.390D-100000@aniwa.sky>
In-Reply-To: <360cc91e.bbd.0@csi-x.net>
On Sat, 26 Sep 1998, Muhammad Najib wrote:
> Could you please give me an example file as well as some lines which have
> the rule(s) of allowing connection on the telnet port(23) and deny any other
> else than that. I've referred to the page you pointed me to, but I just wanna
> make a kinda confirmation here :) . Which where if I were to use ipfw :
>
> ipfw add pass tcp from any to any 23

allows all telnet connections in and out.

If you only wanted to enable incoming telnet connections you could use:

    ipfw add pass tcp from any to any 23 recv
    ipfw add pass tcp from any 23 to any xmit

> ipfw add pass tcp from any 23 to any
allows anything in and out so long as it comes from a port 23. This is
bad. If they have root on their end then they can send a packet to any
port on your machine. (They may not get anything back).
> ipfw add deny all from any to any
                ^^^
change 'all' to 'ip'.
Andrew McNaughton
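
Added example, not part of the original message: a small Python model of first-match rule evaluation that runs constructed packets through the quoted rule set and through the incoming-only variant, showing which one passes inbound traffic that merely uses source port 23. It assumes the bare "recv"/"xmit" keywords mean inbound/outbound only; the packet values and all names are illustrative.

```python
# Added example: first-match model of the two rule sets discussed in this thread.
# Assumption: bare "recv"/"xmit" are modelled as inbound/outbound direction only.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src_port dst_port")  # direction: "in"/"out"
Rule = namedtuple("Rule", "action src_port dst_port direction")  # None matches any

def evaluate(rules, pkt):
    """Return the action of the first rule matching pkt (ipfw stops at first match)."""
    for rule in rules:
        if (rule.src_port in (None, pkt.src_port)
                and rule.dst_port in (None, pkt.dst_port)
                and rule.direction in (None, pkt.direction)):
            return rule.action
    return "deny"  # assumption: a packet matching no rule is treated as denied

QUOTED_RULES = [
    Rule("pass", None, 23, None),    # ipfw add pass tcp from any to any 23
    Rule("pass", 23, None, None),    # ipfw add pass tcp from any 23 to any
    Rule("deny", None, None, None),  # ipfw add deny ip from any to any
]
INCOMING_ONLY_RULES = [
    Rule("pass", None, 23, "in"),    # ipfw add pass tcp from any to any 23 recv
    Rule("pass", 23, None, "out"),   # ipfw add pass tcp from any 23 to any xmit
    Rule("deny", None, None, None),  # ipfw add deny ip from any to any
]

# Constructed sample packets; every port other than 23 is arbitrary.
SAMPLES = {
    "inbound telnet": Packet("in", 40000, 23),
    "reply to inbound telnet": Packet("out", 23, 40000),
    "outbound telnet": Packet("out", 40000, 23),
    "inbound, source port 23": Packet("in", 23, 22),
}

def compare():
    """Map each sample name to (action under quoted rules, action under incoming-only)."""
    return {name: (evaluate(QUOTED_RULES, pkt), evaluate(INCOMING_ONLY_RULES, pkt))
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (quoted, incoming) in compare().items():
        print(f"{name:26} quoted={quoted:5} incoming-only={incoming}")
```
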
