Date: Sun, 10 May 1998 20:46:48 -0700 (PDT)
From: Doug White
Reply-To: Doug White
To: Capriotti
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Rules
In-Reply-To: <3.0.32.19980510184700.0092bd40@pop.mpc.com.br>

On Sun, 10 May 1998, Capriotti wrote:

> I am actually trying to understand the filtering mechanism to, next apply
> it to:
>
> filter netbios (I don't want it to cause ppp to dial, and I don't want
> strangers to access it; Actually there's something about it in the archives)

If you want to keep something from forcing a ppp dialout, you need to set
up ppp's dfilter. In your case you want to keep comm on the netbios ports
down -- check /etc/services. This will continue to allow the traffic, just
not let it cause a dialout.

> filter what will in or out via ppp (do I have to make this kind of rule
> refer to tun0 or sio0 ?)

If you truly want to block it then you will have to block it on tun0. You
will want to set up the dfilter too so you don't have dialouts on blocked
data. I haven't tried this, though -- ipfw may get a hold of the data
before ppp does.

> allow access to secure shell and not telnet

If this is a single machine, it's easier to just turn telnetd off in
/etc/inetd.conf. Otherwise block port 20 with a rule like:

    deny from any to any 20

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite     | Computer Science Major