From owner-freebsd-questions Tue Mar 2 18:40:30 1999
Message-ID: <36DCA0A5.849AAF2C@TurnAround.com.au>
Date: Wed, 03 Mar 1999 13:38:29 +1100
From: Andrew Johns
Organization: TurnAround Solutions P/L
To: "Marko's Work"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: rc.firewall rules
References: <01be64f5$947f7a20$9b84b7d1@vidbox>

Marko's Work wrote:
> I am using FreeBSD v3.0 and natd to share an internet connection with a
> few computers in the office.
>
> What specific rules do I need to add into rc.firewall if I want to drop all
> packets coming to the telnet port EXCEPT from 2 trusted IP addresses (or
> domains) ??
>
> Thanks for any help.....
>

ipfw add allow tcp from any to any established
(allow established connections thru)
ipfw add allow tcp from trusted_host_1 to target_ip/net 23 setup
(allow telnet setup from host 1/network)
ipfw add allow tcp from trusted_host_2 to target_ip/net 23 setup
(allow telnet setup from host 2/network)
ipfw add deny tcp from any to any 23
(deny all others)

As an alternative, if you wish to see who is trying to telnet to the machine,
add the word log to the last line.
eg: ipfw add deny log tcp from any to any 23

-- 
Regards                          |   _/\_/\
Andrew Johns BSc (Comp Sci)      |  /      \
TurnAround Solutions Pty Ltd     |  \_...__/
http://www.turnaround.com.au/    |       \/

"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."
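
Added example (not part of the original message): a small Python model of ipfw's first-match evaluation, run against the four rules in the reply with the trusted hosts matched by source address and destination port 23. The addresses are constructed documentation-range values, and Rule, Packet, matches and evaluate are hypothetical names used only here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample addresses (documentation ranges), not from the original post.
TRUSTED_1, TRUSTED_2, TARGET = "192.0.2.10", "198.51.100.0/24", "203.0.113.5"

@dataclass
class Rule:
    action: str            # "allow" or "deny"
    src: str = "any"
    dst: str = "any"
    dst_port: int = 0      # 0 means any destination port
    flags: str = ""        # "", "established" or "setup"
    log: bool = False

@dataclass
class Packet:
    src: str
    dst: str
    dst_port: int
    syn: bool = False
    ack: bool = False
    rst: bool = False

def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def matches(rule, pkt):
    if not (_addr_ok(rule.src, pkt.src) and _addr_ok(rule.dst, pkt.dst)):
        return False
    if rule.dst_port and rule.dst_port != pkt.dst_port:
        return False
    if rule.flags == "established":   # ipfw: TCP packet with RST or ACK set
        return pkt.rst or pkt.ack
    if rule.flags == "setup":         # ipfw: SYN set and ACK clear
        return pkt.syn and not pkt.ack
    return True

def evaluate(rules, pkt):
    """First matching rule wins, as in ipfw. Returns (action, logged)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.log
    return "default", False           # no match: the kernel's default rule decides

RULES = [
    Rule("allow", flags="established"),
    Rule("allow", src=TRUSTED_1, dst=TARGET, dst_port=23, flags="setup"),
    Rule("allow", src=TRUSTED_2, dst=TARGET, dst_port=23, flags="setup"),
    Rule("deny", dst_port=23, log=True),   # the "deny log" variant
]
```

The model shows that the telnet restriction is enforced on the initial SYN only: the `established` rule is a stateless flag test and passes any TCP packet with ACK or RST set, whatever its source.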