From owner-freebsd-security Sat Sep 26 15:13:21 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA24523
          for freebsd-security-outgoing; Sat, 26 Sep 1998 15:13:21 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (pppk-02.igrin.co.nz [202.49.245.81])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA24484
          for ; Sat, 26 Sep 1998 15:13:04 -0700 (PDT)
          (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
          by aniwa.sky (8.8.8/8.8.7) with SMTP id KAA00513;
          Sun, 27 Sep 1998 10:11:49 +1200 (NZST)
          (envelope-from andrew@squiz.co.nz)
Date: Sun, 27 Sep 1998 10:11:49 +1200 (NZST)
From: Andrew McNaughton
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Muhammad Najib
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall ...
In-Reply-To: <360cc91e.bbd.0@csi-x.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 26 Sep 1998, Muhammad Najib wrote:

> Could you please give me an example file as well as some lines which have
> the rule(s) of allowing connection on the telnet port(23) and deny any other
> else than that. I've referred to the page you pointed me to, but I just wanna
> make a kinda confirmation here :) . Which where if I were to use ipfw :
>
> ipfw add pass tcp from any to any 23

allows all telnet connections in and out.  If you only wanted to enable
incoming telnet connections you could use:

ipfw add pass tcp from any to any 23 recv
ipfw add pass tcp from any 23 to any xmit

> ipfw add pass tcp from any 23 to any

allows anything in and out so long as it comes from a port 23.  This is
bad.  If they have root on their end then they can send a packet to any
port on your machine.  (They may not get anything back).

> ipfw add deny all from any to any
                ^^^
change 'all' to 'ip'.

Andrew McNaughton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
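
An added illustration of the point made in the reply above, not part of the original message and not real ipfw: a simplified first-match filter in Python that compares the rules as posted with the direction-restricted pair. The Rule/Packet model, the treatment of recv/xmit as a plain packet direction rather than an interface, and the sample packets are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "deny"
    proto: str                        # "tcp", or "ip" for any protocol
    src_port: Optional[int] = None    # None means "any"
    dst_port: Optional[int] = None
    direction: Optional[str] = None   # "recv", "xmit", or None for both

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int
    direction: str                    # "recv" = arriving, "xmit" = leaving

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt.proto)
            and rule.src_port in (None, pkt.src_port)
            and rule.dst_port in (None, pkt.dst_port)
            and rule.direction in (None, pkt.direction))

def decide(rules, pkt):
    """First matching rule wins; falling off the end is treated as deny (assumption)."""
    return next((r.action for r in rules if matches(r, pkt)), "deny")

# Rules as posted in the question, with 'all' changed to 'ip' in the last one.
AS_POSTED = [Rule("pass", "tcp", dst_port=23),
             Rule("pass", "tcp", src_port=23),
             Rule("deny", "ip")]
# Direction-restricted rules from the reply (incoming telnet only).
RESTRICTED = [Rule("pass", "tcp", dst_port=23, direction="recv"),
              Rule("pass", "tcp", src_port=23, direction="xmit"),
              Rule("deny", "ip")]

# Constructed sample packets (port 40000 is an arbitrary client port).
SAMPLES = {
    "telnet_in":    Packet("tcp", 40000, 23, "recv"),  # client -> local telnetd
    "telnet_reply": Packet("tcp", 23, 40000, "xmit"),  # local telnetd -> client
    "src23_to_22":  Packet("tcp", 23, 22, "recv"),     # remote source port 23 -> local port 22
}

def verdicts(rules):
    return {name: decide(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    print("as posted: ", verdicts(AS_POSTED))
    print("restricted:", verdicts(RESTRICTED))
```

Both rule sets pass the telnet session in each direction; only the source-port rule without a direction also passes the arriving packet addressed to port 22.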