> I want to prevent users from sending mail off other relays (logging it all
> the while), log all icmp and telnet traffic, and stop any NetBIOS traffic;
>
> add filter basic.in
> set filter basic.in 1 permit 216.98.0.0/20 216.98.0.54/0 tcp dst eq 25
> set filter basic.in 2 permit 216.98.0.0/20 216.98.0.50/0 tcp dst eq 25
If this is a single host use a /32.
> set filter basic.in 3 deny 216.98.0.0/20 0.0.0.0/0 tcp dst eq 25 log
Ok, block all other TCP traffic on port 25 and log it.
> set filter basic.in 4 permit 216.98.9.0/24 0.0.0.0/0 tcp
permit the rest of tcp.
> set filter basic.in 5 deny 216.98.0.0/20 0.0.0.0/0 tcp dst eq 137 log
> set filter basic.in 6 deny 216.98.0.0/20 0.0.0.0/0 tcp dst eq 138 log
> set filter basic.in 7 deny 216.98.0.0/20 0.0.0.0/0 tcp dst eq 139 log
> set filter basic.in 8 deny 216.98.0.0/20 0.0.0.0/0 udp dst eq 137 log
> set filter basic.in 9 deny 216.98.0.0/20 0.0.0.0/0 udp dst eq 138 log
> set filter basic.in 10 deny 216.98.0.0/20 0.0.0.0/0 udp dst eq 139 log
Block MS stuff from the user... Personally this would annoy me if I were a
user.
> set filter basic.in 11 permit 216.98.0.0/20 0.0.0.0/0 tcp dst eq 23 log
Permit telnet
> set filter basic.in 12 permit 216.98.9.0/24 0.0.0.0/0 icmp log
Permit ICMP
> set filter basic.in 13 permit 216.98.9.0/24 0.0.0.0/0 udp
Permit UDP
> set filter basic.in 14 deny 0.0.0.0/0 0.0.0.0/0
>
Block everything else.... That includes WWW, finger, ftp, and everything
else....
> and I want to prevent them from running web, ftp, or mail servers off of
> their dialup accounts, logging it.
> add filter basic.out
> set filter basic.out 1 permit 0.0.0.0/0 216.98.0.0/20 tcp dst gt 100
> set filter basic.out 2 permit 0.0.0.0/0 216.98.0.0/20 udp
> set filter basic.out 3 permit 0.0.0.0/0 216.98.0.0/20 icmp
> set filter basic.out 4 deny 0.0.0.0/0 216.98.0.0/20 tcp dst lt 100 log
All they have to do is change the ports...
-- 
Thomas C Kinnen - <tkinnen@ra.lucent.com> <tkinnen@sobhrach.com>
[RADIUS Test Engineer] - LUCENT Technologies RABU
"All of the opinions stated above are my own and not my employer's, unless they were given to me by my employer"
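As an added example (not from the post or from Livingston's ComOS), a small first-match evaluator for the quoted rules shows the two points raised in the reply: with a /0 mask the relay address matches every destination, so rule 3 never fires, while a /32 confines SMTP to the two relays; and basic.out admits any TCP port above 100, so only low well-known ports are caught. It assumes the /n mask is a CIDR prefix length and that a packet matching no rule is dropped; the hosts 216.98.9.10, 198.51.100.7 and 203.0.113.5 are constructed.

```python
import ipaddress

def parse_rule(line):
    """Parse 'set filter NAME N ACTION SRC DST [PROTO [dst OP PORT]] [log]'.
    Assumption: the /n mask is a CIDR prefix length, so 216.98.0.54/0 equals 0.0.0.0/0."""
    tok = line.split()
    log = tok[-1] == "log"
    rest = tok[7:-1] if log else tok[7:]          # [PROTO, "dst", OP, PORT] or shorter
    op, port = (rest[2], int(rest[3])) if len(rest) == 4 else (None, None)
    return {"action": tok[4], "src": ipaddress.ip_network(tok[5], strict=False),
            "dst": ipaddress.ip_network(tok[6], strict=False),
            "proto": rest[0] if rest else None, "op": op, "port": port, "log": log}

def evaluate(filter_text, src, dst, proto, dport=None):
    """First matching rule wins. Returns (action, rule number, logged).
    Assumption: a packet that matches no rule is denied without logging."""
    rules = [parse_rule(l) for l in filter_text.splitlines() if l.startswith("set filter")]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, r in enumerate(rules, 1):
        if s not in r["src"] or d not in r["dst"] or (r["proto"] and r["proto"] != proto):
            continue
        if r["op"] and (dport is None or not {"eq": dport == r["port"], "lt": dport < r["port"],
                                             "gt": dport > r["port"]}[r["op"]]):
            continue
        return r["action"], n, r["log"]
    return "deny", 0, False

# The SMTP rules as quoted in the post (/0 after each relay address) ...
SMTP_IN_POSTED = """
set filter basic.in 1 permit 216.98.0.0/20 216.98.0.54/0 tcp dst eq 25
set filter basic.in 2 permit 216.98.0.0/20 216.98.0.50/0 tcp dst eq 25
set filter basic.in 3 deny 216.98.0.0/20 0.0.0.0/0 tcp dst eq 25 log
"""
# ... and with the /32 the reply recommends for a single host.
SMTP_IN_FIXED = SMTP_IN_POSTED.replace(".54/0", ".54/32").replace(".50/0", ".50/32")
BASIC_OUT = """
set filter basic.out 1 permit 0.0.0.0/0 216.98.0.0/20 tcp dst gt 100
set filter basic.out 2 permit 0.0.0.0/0 216.98.0.0/20 udp
set filter basic.out 3 permit 0.0.0.0/0 216.98.0.0/20 icmp
set filter basic.out 4 deny 0.0.0.0/0 216.98.0.0/20 tcp dst lt 100 log
"""

def smtp_to_foreign_relay(filter_text):
    # Constructed: dialup user 216.98.9.10 opens SMTP to outside host 198.51.100.7.
    return evaluate(filter_text, "216.98.9.10", "198.51.100.7", "tcp", 25)

def inbound_to_user_port(dport):
    # Constructed: outside host 203.0.113.5 connects to a server on the dialup user's machine.
    return evaluate(BASIC_OUT, "203.0.113.5", "216.98.9.10", "tcp", dport)
```

With the posted masks the foreign-relay connection is permitted by rule 1 and never reaches the logging deny; with /32 it is denied and logged by rule 3. Against basic.out, a connection to port 80 is denied and logged by rule 4, but one to port 8080 is admitted by rule 1.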