
Re: help on firewall



iodine wrote:
> 
> When using ip_masquerading, I have seen a friend block machines on his
> internal network from using http/ftp/telnet to any address on the outside
> using ipfwadm, i.e. 192.168.1.5 not allowed to use ftp(21), telnet(32) and
> http(80) to anywhere by using 0.0.0.0 in the command line or something
> similar. Not sure on the exact command line, but have seen him do it. And it
> worked well.
> 
> /etc/hosts.allow & /etc/hosts.deny are for blocking services/IPs coming in,
> not going out. Or am I wrong?
> 
I'm sorry. I read below that you wanted to prevent ftp and telnet access
to your mail server. To prevent outbound ftp and telnet from a specific
host, try

ipfwadm -F -a deny -P tcp -S 192.168.1.5/32 -D 0.0.0.0/0 telnet ftp

> >Wilson Tuma wrote:
> >
> >> Hi
> >>
> >> How do I use ipfwadm to prevent all the users of my local network from
> >> doing ftp and telnet to my mail server while allowing only two other
> >> systems on the same network to telnet or ftp to the mail
> >> server?
> >
> >ipfwadm will only filter between networks. You need to take a look at
> >/etc/hosts.allow and /etc/hosts.deny. There is a man page for these files.
> >
 >--


-- 
Paul Miller
pmiller@jove.acs.unt.edu
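
An added example, not part of the original thread: a simplified Python model of how TCP wrappers evaluates /etc/hosts.allow and then /etc/hosts.deny, applied to the mail-server case Wilson asks about. The daemon names (in.telnetd, in.ftpd, ipop3d), the two permitted addresses and the helper names are assumptions; only the ALL wildcard, exact addresses and trailing-dot address prefixes are modelled.

```python
# Constructed sample files (not from the thread). Daemon names and the two
# permitted addresses are assumptions made for illustration.
HOSTS_ALLOW = """\
# /etc/hosts.allow: the two systems that may telnet/ftp to the mail server
in.telnetd, in.ftpd : 192.168.1.10, 192.168.1.11
"""
HOSTS_DENY = """\
# /etc/hosts.deny: everyone else is refused for these two services
in.telnetd, in.ftpd : ALL
"""

def parse(text):
    """Return a list of (daemon_list, client_list) rules, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def item_matches(pattern, value):
    """Subset of hosts_access patterns: ALL, 'a.b.c.' prefix, exact string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return value.startswith(pattern)
    return pattern == value

def matches(rules, daemon, client):
    return any(any(item_matches(d, daemon) for d in ds) and
               any(item_matches(c, client) for c in cs)
               for ds, cs in rules)

def allowed(daemon, client):
    """hosts.allow is checked first, then hosts.deny, otherwise access is granted."""
    if matches(parse(HOSTS_ALLOW), daemon, client):
        return True
    if matches(parse(HOSTS_DENY), daemon, client):
        return False
    return True

if __name__ == "__main__":
    for daemon, client in [("in.telnetd", "192.168.1.10"),
                           ("in.ftpd", "192.168.1.5"),
                           ("ipop3d", "192.168.1.5")]:
        print(daemon, client, "allow" if allowed(daemon, client) else "deny")
```

These files only take effect for daemons that are started through tcpd or linked against libwrap; a service that is not wrapped ignores them.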

