Re: (PM) Filter for FTP

Gene Lindsey (genel@ih2000.net)
Sat, 10 Jan 1998 14:59:37 -0600

Speaking of filters, I have finally created an Email filter that I think
works. Could someone tell me if I have any holes in it?
>sh filter email.in
1 permit 0.0.0.0/0 0.0.0.0/0 tcp estab
2 permit 0.0.0.0/0 xxx.xxx.xxx.xxx/32 tcp dst eq 80
3 permit 0.0.0.0/0 xxx.xxx.xxx.yyy/32 tcp dst eq 110
4 permit 0.0.0.0/0 xxx.xxx.xxx.yyy/32 tcp dst eq 25
5 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53
6 permit 0.0.0.0/0 0.0.0.0/0 icmp

Where xxx.xxx.xxx.xxx is my Home Page Web Server and xxx.xxx.xxx.yyy is my
Mail Server. I want the user to get to mail, DNS and to my Home Page only.
My assigned IP pool is xxx.xxx.zzz.1-230 (5 PM3's). Do I need an 'email.out'
filter? Also, do I need rule 1 and/or rule 6? (Also, MZ, is this a
Portmaster or Radius question?) I know that I could do more testing, but
this list is sooooo convenient and others may want to use the info.
TIA
Gene Lindsey
Network Administrator
IH2000.net
genel@ih2000.net
PM3/3.7.2/RadiusNTv2

-----Original Message-----
From: Michael Hart <michaelh@bluebonnet.net>
To: portmaster-users@livingston.com <portmaster-users@livingston.com>
Date: Saturday, January 10, 1998 1:28 PM
Subject: (PM) Filter for FTP

>Does anyone have a filter for the PM3 that will allow a dial-in user
>only ftp to one ip address and nothing else?
>
>Thanks,
>Michael
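
Added example, not part of the original post or of Livingston's software: a small Python evaluator that replays the `email.in` rules above against a few constructed packets to show which traffic each rule lets through. It assumes first-match evaluation, an implicit deny when no rule matches, and that `estab` matches any TCP segment with the ACK bit set; the addresses are constructed stand-ins for the masked ones.

```python
import ipaddress

# Constructed stand-ins: web server, mail server, dial-in user, unrelated host.
WEB, MAIL, USER, OTHER = "192.0.2.10", "192.0.2.25", "198.51.100.7", "203.0.113.9"

RULES = f"""\
1 permit 0.0.0.0/0 0.0.0.0/0 tcp estab
2 permit 0.0.0.0/0 {WEB}/32 tcp dst eq 80
3 permit 0.0.0.0/0 {MAIL}/32 tcp dst eq 110
4 permit 0.0.0.0/0 {MAIL}/32 tcp dst eq 25
5 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53
6 permit 0.0.0.0/0 0.0.0.0/0 icmp
"""

def parse(text):
    """Parse 'N action src/len dst/len proto [estab | dst eq PORT]' lines."""
    rules = []
    for line in text.splitlines():
        num, action, src, dst, proto, *opts = line.split()
        dport = int(opts[2]) if opts[:2] == ["dst", "eq"] else None
        rules.append((int(num), action, ipaddress.ip_network(src),
                      ipaddress.ip_network(dst), proto, "estab" in opts, dport))
    return rules

def evaluate(rules, proto, dst, dport=None, ack=False, src=USER):
    """First match wins; ('deny', 0) is the assumed implicit deny."""
    for num, action, snet, dnet, rproto, estab, rport in rules:
        if (rproto == proto
                and ipaddress.ip_address(src) in snet
                and ipaddress.ip_address(dst) in dnet
                and (not estab or ack)
                and (rport is None or rport == dport)):
            return action, num
    return "deny", 0

def audit():
    """Return {case: (action, matching rule)} for constructed test packets."""
    rules = parse(RULES)
    cases = {
        "new TCP to web:80": ("tcp", WEB, 80),
        "new TCP to other:23": ("tcp", OTHER, 23),
        "TCP with ACK to other:23": ("tcp", OTHER, 23, True),
        "UDP to other:53": ("udp", OTHER, 53),
        "UDP to mail:69": ("udp", MAIL, 69),
        "ICMP to other": ("icmp", OTHER),
    }
    return {name: evaluate(rules, *args) for name, args in cases.items()}
```

Under these assumptions, rules 1, 5 and 6 are the only ones not tied to the two servers, so they are the ones to review when the goal is mail, DNS and the home page only.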
