Date:      Mon, 20 Apr 1998 21:34:37 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Capriotti <capriotti@geocities.com>
Cc:        Brian Somers <brian@Awfulhak.org>, freebsd-questions@FreeBSD.ORG
Subject:   Re: HELP with PPP and filetring, please ! 
Message-ID:  <199804202034.VAA17271@awfulhak.org>
In-Reply-To: Your message of "Mon, 20 Apr 1998 10:16:05 -0300." <3.0.32.19980420092429.00a40cc0@pop.mpc.com.br> 

> Hi ! Thanks to all of you who helped me with this one. 
> 
> Downloading the latest version made everything work properly, even
> filtering, and it is not dialing when it is loaded at boot time.
> 
> Now, the last problem I will have to solve, before moving to the ppp server
> (accepting calls), is the following:
> 
> I want to stop ppp from dialing when I try connecting via telnet or ssh to
> the FBSD box.
> 
> To do it with the telnet, I am trying the following:
> 
> 
> # DO NOT Allow telnet connections dial out to the Internet
> #
>  set dfilter 2 deny tcp src eq 23 estab
>  set dfilter 3 deny tcp dst eq 23    
> 
> 
> which is a modification of permit/deny telnet access. It didn't work, and
> reading a lot of documentation didn't help much.
> 
> Additionally, I would like to allow Internet access to a couple of users
> only. I know there are filters I can use to do it, but I couldn't find
> examples.
> 
> What should I do ?

Looks like you've got your rule numbers wrong ?  You must have a rule 
0, otherwise the whole set is ignored.  I have a lot of mods to this 
filtering stuff in the pipeline (MP branch of -current), including 
some better docs.

Something like

  set dfilter 0 permit tcp 1.2.3.4 0/0 dst eq 23
  set dfilter 1 deny   tcp 0/0     0/0 dst eq 23

should allow IP 1.2.3.4 access to telnet, but disallow everybody else.

> At 07:46 PM 4/19/98 +0100, Brian Somers wrote:
> >Is this with the latest ppp ?  If not, get the latest from 
> >http://www.FreeBSD.org/~brian, otherwise you could try enabling 
> >command logging (set log +command) to see what's actually being 
> >executed.  It looks as if the ``set ifaddr'' isn't being seen.

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....
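
The following is an added example, not part of the message above and not ppp's own code: a small Python model that applies the "no rule 0 means the whole set is ignored" point from the reply to both rule sets quoted in the thread. It assumes rules are tried in ascending order with the first match deciding, handles only the tcp rule shape shown here, and the function names and the addresses 10.0.0.5 and 192.0.2.1 are constructed for illustration.

```python
import ipaddress
import re

# Rule shape from the thread: set dfilter N permit|deny tcp [src dst] src|dst eq PORT [estab]
RULE_RE = re.compile(
    r"^\s*set\s+(?P<filt>\w*filter)\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\w+)"
    r"(?:\s+(?P<src>[\d./]+)\s+(?P<dst>[\d./]+))?"
    r"\s+(?P<side>src|dst)\s+eq\s+(?P<port>\d+)(?P<estab>\s+estab)?\s*$")

def net(spec):
    """Parse an address spec; a missing spec or '0/0' (as in the reply) means any address."""
    return ipaddress.ip_network("0.0.0.0/0" if spec in (None, "0/0") else spec, strict=False)

def load(conf, filt="dfilter"):
    """Return {rule_number: fields} for one filter set, with '#' comments stripped."""
    rules = {}
    for line in conf.splitlines():
        m = RULE_RE.match(line.split("#", 1)[0])
        if m and m["filt"] == filt:
            rules[int(m["num"])] = m.groupdict()
    return rules

def verdict(conf, src_ip, dst_ip, sport, dport, established=False):
    """Model one TCP packet against the dfilter set (first match wins: an assumption)."""
    rules = load(conf)
    if 0 not in rules:
        return "ignored"  # per the reply: without rule 0 the whole set is ignored
    for num in sorted(rules):
        r = rules[num]
        port = sport if r["side"] == "src" else dport
        if (r["proto"] == "tcp" and port == int(r["port"])
                and ipaddress.ip_address(src_ip) in net(r["src"])
                and ipaddress.ip_address(dst_ip) in net(r["dst"])
                and (not r["estab"] or established)):
            return r["action"]
    return "no-match"

# Rule sets copied from the thread; packet addresses below are constructed.
ORIGINAL = """
# DO NOT Allow telnet connections dial out to the Internet
 set dfilter 2 deny tcp src eq 23 estab
 set dfilter 3 deny tcp dst eq 23
"""
FIXED = """
  set dfilter 0 permit tcp 1.2.3.4 0/0 dst eq 23
  set dfilter 1 deny   tcp 0/0     0/0 dst eq 23
"""

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, sorted(load(conf)), verdict(conf, "10.0.0.5", "192.0.2.1", 40000, 23))
```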





