Date:      Wed, 03 Mar 1999 13:38:29 +1100
From:      Andrew Johns <A_Johns@TurnAround.com.au>
To:        "Marko's Work" <marko@websorcery.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: rc.firewall rules
Message-ID:  <36DCA0A5.849AAF2C@TurnAround.com.au>
References:  <01be64f5$947f7a20$9b84b7d1@vidbox>

Marko's Work wrote:

> I am using FreeBSD v3.0 and natd to share an internet connection with a
> few computers in the office.
>
> What specific rules do I need to add into rc.firewall if I want to drop all
> packets coming to the telnet port EXCEPT from 2 trusted IP addresses (or
> domains) ??
>
> Thanks for any help.....
>

ipfw add allow tcp from any to any established
(allow established connections thru)
ipfw add allow tcp from trusted_host_1 to target_ip/net 23 setup
(allow telnet setup from host 1/network; the client's source port is
ephemeral, not 23, so only the destination port is given)
ipfw add allow tcp from trusted_host_2 to target_ip/net 23 setup
(allow telnet setup from host 2/network)
ipfw add deny tcp from any to any 23
(deny all others)

As an alternative, if you wish to see who is trying to telnet to the machine,
add the word log to the last line.
e.g.: ipfw add deny log tcp from any to any 23

--
Regards                        |    _/\_/\
Andrew Johns BSc (Comp Sci)    |   /      \
TurnAround Solutions Pty Ltd   |   \_...__/
http://www.turnaround.com.au/  |        \/

"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."
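Added example, not part of the mail above: a small Python model of ipfw's first-match evaluation, run over the four telnet rules with constructed RFC 5737 addresses (the trusted hosts, target and port numbers are assumptions). It checks which telnet SYNs get through and shows why the allow rules must leave the client's source port open rather than pinning it to 23.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not from the mail.
TRUSTED_1, TRUSTED_2, TARGET = "192.0.2.10", "192.0.2.0/24", "198.51.100.5"

# A TCP packet as seen by the filter: flags reduced to SYN and ACK.
Packet = namedtuple("Packet", "src sport dst dport syn ack")
# One ipfw rule; port 0 means "any port". 'established' needs ACK set
# (ipfw also accepts RST; omitted here), 'setup' needs SYN set and ACK clear.
Rule = namedtuple("Rule", "action src sport dst dport established setup",
                  defaults=("any", 0, "any", 0, False, False))

def addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def matches(r, p):
    return (addr_ok(r.src, p.src) and addr_ok(r.dst, p.dst)
            and r.sport in (0, p.sport) and r.dport in (0, p.dport)
            and (not r.established or p.ack)
            and (not r.setup or (p.syn and not p.ack)))

def evaluate(rules, p):
    """First matching rule wins, as in ipfw. The kernel's default rule 65535
    denies unless it was built with IPFIREWALL_DEFAULT_TO_ACCEPT."""
    for r in rules:
        if matches(r, p):
            return r.action
    return "deny"

# The reply's ruleset with the client source port left open (any port).
TELNET_RULES = [
    Rule("allow", established=True),
    Rule("allow", src=TRUSTED_1, dst=TARGET, dport=23, setup=True),
    Rule("allow", src=TRUSTED_2, dst=TARGET, dport=23, setup=True),
    Rule("deny", dport=23),
]

# Same, but pinning the client source port to 23; real telnet clients use
# an ephemeral source port, so this locks the trusted hosts out as well.
PINNED_RULES = [TELNET_RULES[0],
                Rule("allow", src=TRUSTED_1, sport=23, dst=TARGET, dport=23, setup=True),
                TELNET_RULES[3]]

if __name__ == "__main__":
    syn = Packet("192.0.2.10", 40123, TARGET, 23, syn=True, ack=False)
    print(evaluate(TELNET_RULES, syn), evaluate(PINNED_RULES, syn))  # allow deny
```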



