Date: Sun, 10 May 1998 20:46:48 -0700 (PDT)
From: Doug White <dwhite@gdi.uoregon.edu>
To: Capriotti <capriotti@geocities.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Rules
Message-ID: <Pine.BSF.3.96.980510204407.2508K-100000@gdi.uoregon.edu>
In-Reply-To: <3.0.32.19980510184700.0092bd40@pop.mpc.com.br>
On Sun, 10 May 1998, Capriotti wrote:

> I am actually trying to understand the filtering mechanism to, next apply
> it to:
>
> filter netbios (I don't want it to cause ppp to dial, and I don't want
> strangers to access it; Actually there's something about it in the archives)

If you want to keep something from forcing a ppp dialout, you need to set
up ppp's dfilter. In your case you want to keep comm on the netbios ports
down -- check /etc/services. This will continue to allow the traffic, just
not let it cause a dialout.

> filter what will in or out via ppp (do I have to make this kind of rule
> refer to tun0 or sio0 ?)

If you truly want to block it then you will have to block it on tun0. You
will want to set up the dfilter too so you don't have dialouts on blocked
data. I haven't tried this, though -- ipfw may get a hold of the data
before ppp does.

> allow access to secure shell and not telnet

If this is a single machine, it's easier to just turn telnetd off in
/etc/inetd.conf. Otherwise block port 20 with a rule like:

    deny from any to any 20

Doug White                           | University of Oregon
Internet: dwhite@resnet.uoregon.edu  | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite | Computer Science Major
