I wrote:
-> DEFAULT Service-Type == Framed-User
-> Cisco-AVpair += "ip:inacl#5=deny tcp any any eq 4444",
-> [...]
Upon further {reflection,caffeine}, s/inacl/outacl/ seems to be more
appropriate.
If anyone has tips on how to use both inacl and outacl at the same time,
please let me know - my first try at it looked like it was blocking all
traffic. Would like to be able to block outbound 4444 and 135 connect
attempts from our dialup customers so they won't be spreading the worm.
-Robert Tarrall.-
Unix System/Network Admin
E.Central/Neighborhood Link
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
