Re: Need help with filters.

Graeme Slogrove (graeme@fast.co.za)
Mon, 6 Jan 1997 18:50:31 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gary E. Miller: "Re: PM2E and MAX coexistence (fwd)"
Previous message: rspence@trucom.com: "Need help with filters."
Maybe in reply to: rspence@trucom.com: "Need help with filters."

> I use the following filter for e-mail only accounts, but this filter
> only restricts users from surfing the Net, they can still telnet/ftp.

The filter you have should look more like this

permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53
permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 25
permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 110
permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 113
permit 0.0.0.0/0 0.0.0.0/0 icmp
deny 0.0.0.0/0 0.0.0.0/0 ip log

This will _only_ allow them to do

1) DNS Lookup
2) SMTP Mail
3) POP3 Retrieval
4) Authentication

It is then impossible for them to do anything else :)

Graeme

---
FastLight Data Distribution cc - Your Internet 'Solution' Provider
Tel +27-(0)11-706-0212                      Fax +27-(0)11-706-0812
                                           Info :  info@fast.co.za
http://www.fast.co.za                      Sales: sales@fast.co.za

Next message: Gary E. Miller: "Re: PM2E and MAX coexistence (fwd)"
Previous message: rspence@trucom.com: "Need help with filters."
Maybe in reply to: rspence@trucom.com: "Need help with filters."