(PM) Concerning email only filters

Administrator (admin@qwis.net)
Sun, 1 Feb 1998 11:21:33 -0600

Hi all,

I am trying to put together a set of filters to apply to a user so that he
can only access his local email through us, but not do anything else like
browsing or ftp, etc..... I have searched out the archives and found lots
of great suggestions to use and based on those emails that I found, I went
through the PM3 manuals, carefully studied on how to put together my own
filters, and then wrote two filters on our PM3. The filters that I created
are below

Filter MAILONLY.IN

1 permit 0.0.0.0/0 0.0.0.0/0 icmp
2 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53
3 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 53
4 deny 0.0.0.0/0 0.0.0.0/0 udp dst gt 33500
5 permit 0.0.0.0/0 0.0.0.0/0 udp dst gt 33433
6 permit 0.0.0.0/0 208.154.178.0/24 tcp dst eq 25
7 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 113
8 permit 0.0.0.0/0 208.154.178.0/24 tcp dst eq 110

.....and filter MAILONLY.OUT

1 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 20
2 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 21
3 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 23
4 deny 0.0.0.0/0 0.0.0.0/0 udp dst eq 69
5 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 80
6 deny 0.0.0.0/0 0.0.0.0/0 tcp dst eq 119

We are using RADIUS 2.0 for NT and in the users file I created a test entry
like such:

test    Password = "test"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Idle-Timeout = 900,
        Session-Timeout = 21600,
        Filter-Id = "mailonly.out",
        Filter-Id = "mailonly.in"

When I dialed in and got connected it seems as though my filters have not
even taken effect since I could browse, ftp, and telnet to wherever I
wanted. I did save the filters on the PM3 and I did save the users file
after adding the new user, but I am not quite sure where I have gone wrong
with this. I must admit that I am a novice when it comes to this and this
is my first time at putting my hand to writing filters, but could someone
out there please comment on this message and help me find where I have gone
wrong, so I can get these filters working? Thanks in advance for your time
and patience!!!

JasonB
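
Added example, not part of the original post and not Livingston code: a small first-match evaluator run over MAILONLY.IN as posted, to check what that rule list would pass if it were applied. It assumes rules are checked in order, the first match decides, and a non-empty filter ends in an implicit deny; the probe addresses are constructed.

```python
import ipaddress

# MAILONLY.IN exactly as posted (rule numbers dropped).
MAILONLY_IN = """\
permit 0.0.0.0/0 0.0.0.0/0 icmp
permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53
permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 53
deny 0.0.0.0/0 0.0.0.0/0 udp dst gt 33500
permit 0.0.0.0/0 0.0.0.0/0 udp dst gt 33433
permit 0.0.0.0/0 208.154.178.0/24 tcp dst eq 25
permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 113
permit 0.0.0.0/0 208.154.178.0/24 tcp dst eq 110
"""

# Only the two comparison operators that appear in the posted rules.
OPS = {"eq": lambda a, b: a == b, "gt": lambda a, b: a > b}

def parse(text):
    """Parse 'action src dst proto [dst op port]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        port_test = (f[5], int(f[6])) if len(f) == 7 and f[4] == "dst" else None
        rules.append((f[0], ipaddress.ip_network(f[1]),
                      ipaddress.ip_network(f[2]), f[3], port_test))
    return rules

def evaluate(rules, src, dst, proto, dport=None):
    """Return (action, rule_number) for the first matching rule.

    Assumption: no match means an implicit deny, reported here as rule 0.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, snet, dnet, rproto, port_test) in enumerate(rules, 1):
        if rproto != proto or src not in snet or dst not in dnet:
            continue
        if port_test and not OPS[port_test[0]](dport, port_test[1]):
            continue
        return action, n
    return "deny", 0

if __name__ == "__main__":
    rules = parse(MAILONLY_IN)
    # Constructed probes: 208.154.178.10 stands in for a mail host, 192.0.2.80 for an outside host.
    for dst, proto, port in [("208.154.178.10", "tcp", 110), ("192.0.2.80", "tcp", 80),
                             ("192.0.2.80", "tcp", 21), ("192.0.2.80", "udp", 33501)]:
        print(dst, proto, port, evaluate(rules, "10.0.0.5", dst, proto, port))
```

Under those assumptions the posted input list already refuses web, FTP and telnet, which is consistent with the observation that the filters are not taking effect on the session at all rather than with a mistake in the rule order.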
