Date:      Sun, 21 Dec 1997 04:20:46 +0000
From:      Brian Somers <brian@awfulhak.org>
To:        "Joe \"Marcus\" Clarke" <jmcla@ocala.cs.miami.edu>
Cc:        FreeBSD User Questions List <freebsd-questions@freebsd.org>
Subject:   Re: PPP telnet filter 
Message-ID:  <199712210420.EAA18335@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Sat, 20 Dec 1997 17:33:32 EST." <Pine.SGI.3.96.971220173013.23844A-100000@ocala.cs.miami.edu> 

> Hey, I'm trying to create a ppp filter that will deny telnet requests
> coming from the Internet, but allow them coming from 192.168.100/24.
> Everything I try seems to produce unwanted results.  My situation is
> this: I want the people on the Intranet (192.168.100/24) to be able to
> telnet to the server, but everyone else should be denied.  I hope I'm
> being clear in this.  I've tried a few o/ifilters with no real luck.  I
> always seem to block ALL telnet requests, or allow all of them.  Oh, and
> everything else should be allowed to pass normally.  I have some filters
> up to prevent ICMP keep-alive, and dial, and they work fine.  Thanks.

  set ifilter X allow 192.168.100.0/24 0/0 tcp dst eq 23
  set ifilter X+1 deny tcp dst eq 23

This is assuming that everyone is ``outside''.  In most setups, the 
second line is only necessary as the internal network won't be going 
via ppp.

Another good pitfall is if your `hostname's IP is the one you're 
using for ppp, and you don't have a loopback route for it, it'll 
force the traffic through ppp :-|  To set up the loopback route, add

ifconfig_lo0_alias0="inet a.b.c.d netmask 0xffffffff"

to /etc/rc.conf (a.b.c.d is your static IP number).


> Joe Clarke
> 

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....
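
An added example, not part of the message above and not ppp's own code: a small first-match evaluator run over the two posted rules, with X taken as 0 and constructed sample packets (203.0.113.9 and 198.51.100.1 are placeholder addresses). It assumes rules are checked in ascending rule number and the first match decides; a packet matching neither rule is reported as unmatched rather than guessing what ppp does with it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # 0/0 in the posted rules
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dst_port is not None and pkt["dport"] != self.dst_port:
            return False
        return True

def evaluate(rules, pkt) -> Optional[Tuple[str, int]]:
    """Return (action, rule number) of the first matching rule, else None."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action, rule.number
    return None

def packet(src, dport, proto="tcp", dst="198.51.100.1"):
    # Constructed sample packet; dst is a placeholder for the server.
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

# The two rules as posted (X assumed to be 0).
POSTED = [
    Rule(0, "allow", src="192.168.100.0/24", proto="tcp", dst_port=23),
    Rule(1, "deny", proto="tcp", dst_port=23),
]
# Same rules with the numbers swapped: the broad deny now shadows the allow.
SWAPPED = [
    Rule(0, "deny", proto="tcp", dst_port=23),
    Rule(1, "allow", src="192.168.100.0/24", proto="tcp", dst_port=23),
]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("swapped", SWAPPED)):
        for src, dport in (("192.168.100.7", 23), ("203.0.113.9", 23), ("203.0.113.9", 80)):
            print(name, src, dport, evaluate(rules, packet(src, dport)))
```

With the numbers swapped, the intranet telnet packet hits the deny first, which is why the narrower allow has to carry the lower rule number.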