>
> Can someone show me what a FILTER for blocking access to the Internet
> would look like? This filter should only allow LAN access.
(RTFM question - it's in the configuration guide).
Assuming your LAN is on 'aaa.bbb.ccc.ddd' and it's a /ZZ netblock (so if you
have a class C sized netblock it'd be a /24) and that you assign dialin
IP addresses in the www.xxx.yyy.zzz netblock (it could be the same
as your LAN netblock), you'd type:
add filter lanonly.in
"Get a filter set up to filter inbound traffic from a modem"
set filter lanonly.in 1 permit www.xxx.yyy.zzz/XX aaa.bbb.ccc.ddd/ZZ
"Allow all traffic from the IPs I assign to the LAN"
set filter lanonly.in 1 deny 0.0.0.0/0 0.0.0.0/0
"Deny everything else"
This filter has the advantage of filtering out IP spoofing of IPs outside
of the dialup netblock.
> Also, how could I then apply this filter to a specific user?
RADIUS. Framed-Filter-Id = "lanonly"
Dave Andersen