From: "Muhammad Najib"
Reply-to: najib@csi-x.net
To: freebsd-security@FreeBSD.ORG
Date: Sun, 27 Sep 98 10:03:40 -800
Subject: Re: Firewall ...
Message-id: <360d9cfc.1271.0@csi-x.net>

>On Sat, 26 Sep 1998, Muhammad Najib wrote:
>
>> Could you please give me an example file as well as some lines which have
>> the rule(s) of allowing connection on the telnet port(23) and deny any other
>> else than that. I've referred to the page you pointed me to, but I just wanna
>> make a kinda confirmation here :) . Which where if I were to use ipfw :
>>
>> ipfw add pass tcp from any to any 23
>
>allows all telnet connections in and out.
>
>If you only wanted to enable incoming telnet connections you could use:
>
>ipfw add pass tcp from any to any 23 recv
>ipfw add pass tcp from any 23 to any xmit
>
>
>> ipfw add pass tcp from any 23 to any
>
>allows anything in and out so long as it comes from a port 23. This is
>bad. If they have root on their end then they can send a packet to any
>port on your machine. (They may not get anything back).
>
>> ipfw add deny all from any to any
>                ^^^
>change 'all' to 'ip'.
>
>
>Andrew McNaughton
>
>

Thanx Andrew for that bunch of information.
But actually I need it in 'ipf' instead of 'ipfw' :) I'll take note on what
you forward up here. Again thanx in advance.

regards,

******************************************************************
MUHAMMAD NAJIB ABDUL MUKTHI              member of My-Linux.ORG
NETWORK ENGINEER / SYSTEM ADMINISTRATOR  http://www.my-linux.org
Cutting Edge Enterprise
MPKS Tower Jalan Tunku Ibrahim           najib@mrsm.org
05000 Kedah Darulaman.                   najib@csi-x.net
http://najib.csi-x.net                   najib@kdupg.edu.my
Tel : 012-4717452                        najib@my-linux.org
******************************************************************
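
The rule behaviour discussed in the quoted reply, as an added example that is not part of the original thread and is neither ipfw nor ipf code: a small first-match filter model in Python that runs the rules as first posted and the incoming-only variant over the same packets. The Packet and Rule classes, the deny-on-fallthrough behaviour, the reading of recv/xmit as inbound/outbound, and the sample packets (ports 40000 and 22) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                # constructed model: only the fields the thread's rules test
    proto: str
    sport: int
    dport: int
    direction: str           # "in" or "out" relative to the firewalled host

@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "deny"
    proto: str               # "tcp", or "ip" to match every protocol
    sport: Optional[int] = None      # None means "any"
    dport: Optional[int] = None
    direction: Optional[str] = None  # None means both directions

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.direction in (None, p.direction))

def evaluate(rules, pkt):
    # First matching rule wins; falling off the end is treated as deny (assumption).
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

DENY_REST = Rule("deny", "ip")
# Rules as first posted: no direction, second rule keyed on source port only.
AS_POSTED = [Rule("pass", "tcp", dport=23), Rule("pass", "tcp", sport=23), DENY_REST]
# Incoming-only variant from the reply, modelling recv/xmit as inbound/outbound.
INCOMING_ONLY = [Rule("pass", "tcp", dport=23, direction="in"),
                 Rule("pass", "tcp", sport=23, direction="out"), DENY_REST]
# Constructed sample packets (ports 40000 and 22 are illustrative).
SAMPLES = {
    "telnet request in": Packet("tcp", 40000, 23, "in"),
    "telnet reply out": Packet("tcp", 23, 40000, "out"),
    "src port 23 to port 22 in": Packet("tcp", 23, 22, "in"),
    "udp to port 23 in": Packet("udp", 40000, 23, "in"),
}

def compare():
    # Map each sample name to (verdict under AS_POSTED, verdict under INCOMING_ONLY).
    return {name: (evaluate(AS_POSTED, p), evaluate(INCOMING_ONLY, p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (posted, incoming) in compare().items():
        print(f"{name:28} as_posted={posted:5} incoming_only={incoming}")
```

Only the third sample differs between the two rule sets: the source-port rule without a direction admits an inbound packet to a non-telnet port, while the directional pair denies it.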