Date: Sun, 27 Sep 98 10:03:40 -800
From: "Muhammad Najib"<najib@csi-x.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall ...
Message-ID: <360d9cfc.1271.0@csi-x.net>
>On Sat, 26 Sep 1998, Muhammad Najib wrote:
>
>> Could you please give me an example file as well as some lines which have
>> the rule(s) of allowing connection on the telnet port(23) and deny any other
>> else than that. I've referred to the page you pointed me to, but I just wanna
>> make a kinda confirmation here :) . Which where if I were to use ipfw :
>>
>> ipfw add pass tcp from any to any 23
>
>allows all telnet connections in and out.
>
>If you only wanted to enable incoming telnet connections you could use:
>
>ipfw add pass tcp from any to any 23 recv
>ipfw add pass tcp from any 23 to any xmit
>
>
>> ipfw add pass tcp from any 23 to any
>
>allows anything in and out so long as it comes from a port 23. This is
>bad. If they have root on their end then they can send a packet to any
>port on your machine. (They may not get anything back).
>
>> ipfw add deny all from any to any
>                ^^^
>change 'all' to 'ip'.
>
>
>Andrew McNaughton
>
>

Thanx Andrew for that bunch of information. But actually I need it in 'ipf'
instead of 'ipfw' :) I'll take note on what you forward up here. Again thanx in
advance.

regards,
******************************************************************
MUHAMMAD NAJIB ABDUL MUKTHI               member of My-Linux.ORG
NETWORK ENGINEER / SYSTEM ADMINISTRATOR   http://www.my-linux.org
Cutting Edge Enterprise
MPKS Tower Jalan Tunku Ibrahim            najib@mrsm.org
05000 Kedah Darulaman.                    najib@csi-x.net
http://najib.csi-x.net                    najib@kdupg.edu.my
Tel : 012-4717452                         najib@my-linux.org
******************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
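Added example, not part of the original message or of ipfw: a small first-match model of the two rule sets quoted above, showing which packets each one lets through. The class and function names are hypothetical, recv/xmit are simplified to a direction flag, and the sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = received by the firewall host, "out" = transmitted
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "deny"
    proto: str                        # "ip" matches every protocol
    sport: Optional[int] = None       # None = any source port
    dport: Optional[int] = None       # None = any destination port
    direction: Optional[str] = None   # None = both directions

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.direction in (None, p.direction))

def verdict(rules, pkt):
    """First matching rule decides; the rule sets below end in an explicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # assumption of this model: nothing matched, so drop

DENY_ALL = Rule("deny", "ip")
# Rules as first proposed: destination port 23 and source port 23, any direction.
ORIGINAL = [Rule("pass", "tcp", dport=23), Rule("pass", "tcp", sport=23), DENY_ALL]
# Incoming-only variant: recv/xmit modelled as a plain direction flag (assumption).
INCOMING_ONLY = [Rule("pass", "tcp", dport=23, direction="in"),
                 Rule("pass", "tcp", sport=23, direction="out"), DENY_ALL]

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "inbound telnet": Packet("in", "tcp", 40000, 23),
    "telnet reply": Packet("out", "tcp", 23, 40000),
    "inbound from source port 23 to port 22": Packet("in", "tcp", 23, 22),
    "outbound telnet": Packet("out", "tcp", 40001, 23),
}

def compare():
    """Return {sample name: (verdict under ORIGINAL, verdict under INCOMING_ONLY)}."""
    return {name: (verdict(ORIGINAL, p), verdict(INCOMING_ONLY, p))
            for name, p in SAMPLES.items()}
```

Only the third and fourth samples differ between the two rule sets: the source-port-23 rule without a direction admits inbound traffic to any local port, and the destination-port-23 rule without a direction also permits outbound telnet.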
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?360d9cfc.1271.0>