plug Advice on firewall/masq config

Leon Brooks leonb at ami.com.au
Mon Jun 1 21:43:00 WST 1998


Steven Lockhart wrote:
> Is there a way to limit telnet connections to a box by ip address ranges?????

# default policy for the input chain: deny anything not explicitly accepted
ipfwadm -I -p deny
# limited services (e.g. telnet, 23): TCP from <range> only; ports go after -D because they are destination ports
ipfwadm -I -a accept -P tcp -S <range> -D 0/0 <port-list>
# unlimited services, plus unprivileged ports for replies to outgoing connections; -P tcp is required when ports are given
ipfwadm -I -a accept -P tcp -S 0/0 -D 0/0 <port-list-2> 1024:65535

This will prevent telnetting (and everything else) TO or THROUGH this
box, unless it comes from <range>, e.g. 192.168.0.0/24. <Port-list>
should include 23 for telnet, plus others for limited services (see
/etc/services and/or /etc/inetd.conf for numbers). <Port-list-2> should
contain all the ports for unlimited services (e.g. 80 for HTTP) and
necessary ones (e.g. 53 for domain-name services). If you just want to
trim back services TO and not THROUGH, use -D my.ip.ad.dr/32 instead of
-D 0/0.

Well, I think I got it right. That's all the warranty you're getting.
(-:
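As an added illustration that is not part of Leon's post: a small Python model of the ipfwadm input chain (first matching rule wins, otherwise the -p policy applies), run over a few constructed packets. It shows why the port lists must follow -D (destination ports) and not -S (source ports): with the ports on -S, the "1024:65535" entry matches the high source port of nearly every client, so telnet from outside the trusted range is accepted. The trusted range 192.168.0.0/24 is the post's own example; the box address 10.0.0.1, the outside addresses and the port numbers are assumptions for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


# A packet as seen by the input chain. All values below are constructed.
@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# One ipfwadm rule: -P proto, -S address/mask [ports], -D address/mask [ports].
@dataclass(frozen=True)
class Rule:
    target: str                 # "accept" or "deny"
    proto: str = "all"          # -P (ports are only legal with tcp/udp)
    src: str = "0.0.0.0/0"      # -S address/mask
    dst: str = "0.0.0.0/0"      # -D address/mask
    sports: tuple = ()          # ports written after -S: (lo, hi) ranges
    dports: tuple = ()          # ports written after -D: (lo, hi) ranges


def _port_in(port, specs):
    # No port list on that side means "any port".
    return not specs or any(lo <= port <= hi for lo, hi in specs)


def matches(rule, pkt):
    return (rule.proto in ("all", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and _port_in(pkt.sport, rule.sports)
            and _port_in(pkt.dport, rule.dports))


def verdict(rules, pkt, policy="deny"):
    """First matching rule wins; otherwise the chain policy (-p deny) applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy


TRUSTED = "192.168.0.0/24"                         # <range> from the post
LIMITED = ((23, 23),)                              # <port-list>: telnet
UNLIMITED = ((80, 80), (53, 53), (1024, 65535))    # <port-list-2> plus high ports

# Ports as destination ports (after -D): the intended rule set.
CORRECTED_RULES = (
    Rule("accept", "tcp", src=TRUSTED, dports=LIMITED),
    Rule("accept", "tcp", dports=UNLIMITED),
)

# Same lists written after -S, i.e. matched against the client's source port.
PORTS_ON_SOURCE_RULES = (
    Rule("accept", "tcp", src=TRUSTED, sports=LIMITED),
    Rule("accept", "tcp", sports=UNLIMITED),
)

# Constructed traffic towards the box (10.0.0.1 is an assumed address).
SAMPLE_PACKETS = {
    "telnet_from_trusted": Packet("tcp", "192.168.0.5", 40000, "10.0.0.1", 23),
    "telnet_from_outside": Packet("tcp", "203.0.113.7", 40000, "10.0.0.1", 23),
    "http_from_outside":   Packet("tcp", "203.0.113.7", 40000, "10.0.0.1", 80),
    "http_reply_to_us":    Packet("tcp", "203.0.113.7", 80, "10.0.0.1", 40000),
    "dns_udp_reply":       Packet("udp", "203.0.113.53", 53, "10.0.0.1", 40000),
}


def audit(rules):
    """Return the verdict for every sample packet under the given rule set."""
    return {name: verdict(rules, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, rules in (("corrected", CORRECTED_RULES),
                         ("ports on -S", PORTS_ON_SOURCE_RULES)):
        print(label)
        for name, result in audit(rules).items():
            print(f"  {name:22s} {result}")
```

Note that the UDP DNS reply is denied by both rule sets because every accept rule is -P tcp; a matching -P udp rule would be needed for name resolution over UDP.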


More information about the plug mailing list