(PM) Filters -- How do I let one TCP port in from a specific IP while denying others?

Mark Radabaugh (mark@woodville.net)
Wed, 26 Nov 1997 09:05:29 -0500

How can I let a connection to a specific port (y.y.y.y.139) through a filter from a specific IP (x.x.x.x) while blocking them from all other IPs? The following example does not work since the packets I want make it past rule 6 but get denied by rule 7. Reversing the order of 6 and 7 won't help since then the good ones die at rule 6.

The rule I am looking for is basically

deny (not xxx.xxx.xxx.xxx/24) 209.57.124.2/26 tcp dst eq 139

I understand the "things not explicitly permitted are denied" which means that just rule 6 in the example below would work if I didn't have rules 9 and 10. Rules 9 and 10 are there so that I do not have to pick each service port individually. Picking individual ports makes for a very long set of filter rules.

What am I missing here?

Example:

6 permit x.x.x.x/24 y.y.y.y/32 tcp dst eq 139
7 deny 0.0.0.0/0 y.y.y.y/26 udp dst eq 139 log
8 deny 0.0.0.0/0 y.y.y.y/26 tcp dst eq 139 log
9 permit tcp
10 permit udp

mark@woodville.net
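The ordering question in the post comes down to how an ordered filter list is walked. The following Python simulator is an added illustration, not PortMaster code and not a statement of how the PortMaster actually evaluates filters: it assumes rules are checked top to bottom, the first matching rule decides, and a packet matching nothing is implicitly denied. The addresses are constructed from documentation ranges (192.0.2.0/24 stands in for x.x.x.x/24, 198.51.100.10 for y.y.y.y), and the `negate_src` flag is a hypothetical field added so the "deny (not x/24)" rule from the post can be expressed and compared against the five posted rules on the same sample packets.

```python
"""First-match packet-filter simulator (added illustration, not PortMaster code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


def net(cidr: str) -> Net:
    # strict=False accepts a host address with a short mask, e.g. y.y.y.y/26
    return ipaddress.ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                   # "permit" or "deny"
    src: Net
    dst: Net
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None = any destination port
    negate_src: bool = False      # hypothetical: match sources NOT in src


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    src_in = ipaddress.ip_address(pkt.src) in rule.src
    # with negate_src the rule wants sources outside src; without it, inside
    if src_in == rule.negate_src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; no match means implicit deny (assumed semantics)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.num
    return "deny", None


ANY = net("0.0.0.0/0")
TRUSTED = "192.0.2.0/24"      # constructed stand-in for x.x.x.x/24
SERVER = "198.51.100.10"      # constructed stand-in for y.y.y.y

# The five rules from the post, with the placeholders substituted.
POSTED_RULES = [
    Rule(6, "permit", net(TRUSTED), net(SERVER + "/32"), "tcp", 139),
    Rule(7, "deny", ANY, net(SERVER + "/26"), "udp", 139),
    Rule(8, "deny", ANY, net(SERVER + "/26"), "tcp", 139),
    Rule(9, "permit", ANY, ANY, "tcp"),
    Rule(10, "permit", ANY, ANY, "udp"),
]

# The single negated rule the post asks for, plus the posted UDP deny and catch-alls.
WANTED_RULES = [
    Rule(1, "deny", net(TRUSTED), net(SERVER + "/26"), "tcp", 139, negate_src=True),
    Rule(2, "deny", ANY, net(SERVER + "/26"), "udp", 139),
    Rule(3, "permit", ANY, ANY, "tcp"),
    Rule(4, "permit", ANY, ANY, "udp"),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("192.0.2.5", SERVER, "tcp", 139),    # trusted source to port 139
    Packet("203.0.113.7", SERVER, "tcp", 139),  # untrusted source to port 139
    Packet("203.0.113.7", SERVER, "tcp", 80),   # untrusted source, another port
    Packet("203.0.113.7", SERVER, "udp", 139),  # untrusted source, UDP 139
    Packet("203.0.113.7", SERVER, "icmp", 0),   # matches nothing: implicit deny
]


def decisions(rules: List[Rule]) -> List[str]:
    return [evaluate(rules, p)[0] for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("wanted", WANTED_RULES)):
        print(f"--- {label} rule set ---")
        for p in SAMPLE_PACKETS:
            action, num = evaluate(rules, p)
            print(f"{p.proto:4} {p.src:>12} -> {p.dst}:{p.dport:<4} {action:6} (rule {num})")
```

Under these assumed semantics the trusted source is permitted by rule 6 before rule 8 is ever consulted, every other source hits the deny at rule 8, and both rule sets produce the same decision for every sample packet; the UDP deny is carried into the second set so that the comparison is like for like.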
