add filter notelnet.in
set filter notelnet.in 1 permit svr_ip/32 pm_ip/32 tcp dst eq 23 estab
set filter notelnet.in 2 permit svr_ip/32 pm_ip/32 tcp dst eq 23 log
set filter notelnet.in 3 deny 0.0.0.0/0 pm_ip/32 tcp dst eq 23 log
set filter notelnet.in 4 permit
set ether0 ifilter notelnet.in
save all
Where "svr_ip" is the IP address of the server that is now (hopefully)
the only machine that can telnet to the Portmaster, and "pm_ip" is the IP
address of the Portmaster.
One minor point. Before I actually gave the "save all" command, I broke
the telnet connection to my Portmaster and then reconnected, to make
absolutely sure that I wasn't filtering out myself (figuring I could
always cycle power as long as I hadn't saved).
This filter has a small advantage over yours in that yours always logged
everything, including just about every byte transferred during a legal
telnet session to the Portmaster. This filter only logs a permitted
session once.
--
Leo Savage
leo@esva.net
http://www.esva.net/~leo/
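A model of the first-match evaluation the notelnet.in filter performs, added here as an illustration and not part of Leo's post or Livingston's software. SVR_IP and PM_IP are constructed stand-ins for svr_ip and pm_ip, and "established" is simplified to "ACK set". It shows why only the session-opening packet from the server is logged, while telnet attempts from any other source are denied and logged.

```python
from dataclasses import dataclass

# Constructed stand-ins for the svr_ip / pm_ip placeholders in the post.
SVR_IP = "192.0.2.10"
PM_IP = "192.0.2.1"


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    established: bool  # True once past the initial SYN (ACK set); an assumption of this model


# (action, src, dst, dport, estab_only, log); None means "any", like 0.0.0.0/0.
NOTELNET_IN = [
    ("permit", SVR_IP, PM_IP, 23, True, False),   # rule 1: established, not logged
    ("permit", SVR_IP, PM_IP, 23, False, True),   # rule 2: session setup, logged once
    ("deny", None, PM_IP, 23, False, True),       # rule 3: anyone else to telnet, logged
    ("permit", None, None, None, False, False),   # rule 4: everything else passes
]


def apply_filter(pkt: Packet, rules=NOTELNET_IN):
    """First-match evaluation: returns (action, logged) for the winning rule."""
    for action, src, dst, dport, estab_only, log in rules:
        if src is not None and pkt.src != src:
            continue
        if dst is not None and pkt.dst != dst:
            continue
        if dport is not None and pkt.dport != dport:
            continue
        if estab_only and not pkt.established:
            continue
        return action, log
    return "deny", False  # no rule matched: implicit deny


def telnet_session(src: str, data_packets: int = 3):
    """Evaluate one inbound telnet session: the SYN followed by data packets."""
    pkts = [Packet(src, PM_IP, 23, False)]
    pkts += [Packet(src, PM_IP, 23, True) for _ in range(data_packets)]
    return [apply_filter(p) for p in pkts]


def log_count(results):
    """How many packets of a session would reach the log."""
    return sum(1 for _, logged in results if logged)
```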