R. Brett Gilbert <[EMAIL PROTECTED]> wrote:
>
> What is the simplest way to eliminate everything but POP (Email) access?

This seems to come up a lot, where people want to know "How do I forbid
all traffic except XXX?"

The thing to remember is that ipfwadm defines a list of rules, and that
those rules are evaluated from top to bottom in order to determine what
will happen to a packet.

So, the simple answer is, create a set of rules that allow particular
traffic to pass through, then have a default rule that denies all other
traffic, at the bottom of the list. Or, set the default policy to
disallow traffic, and then define rules that allow it.

    ipfwadm -F -p reject    # default is to deny everything
    ipfwadm -F -i masquerade -P tcp -S 192.168.1.0/24 -D 0/0 110 -W ppp0

This simple ruleset defines a default policy to reject forwarding
attempts, but inserts a rule that allows port 110/tcp (the POP port) to
be masqueraded through.

Want to allow more traffic? Add more rules with more ports.

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
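
Added example, not part of the original message and not ipfwadm code: a small Python model of the top-to-bottom, first-match evaluation described above, applied to the POP-only ruleset, plus a check for rules hidden by an earlier broader rule. The Rule class, the function names and the sample packets are constructed for illustration; destination addresses are treated as "any", as in the rule from the message.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # masquerade, accept, deny or reject
    src: str                     # source network, CIDR
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port
    iface: Optional[str] = None  # None = any interface

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"])
                and self.iface in (None, pkt["iface"]))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport)
                and self.iface in (None, other.iface))

def decide(rules, default_policy, pkt):
    """Top-to-bottom evaluation: the first matching rule decides the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_policy  # reached only when no rule matched

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:j])]

# The ruleset from the message: default reject, one masquerade rule for POP.
POP_ONLY = [Rule("masquerade", "192.168.1.0/24", "tcp", 110, "ppp0")]

# Constructed sample packets (not captured traffic).
def pkt(src, proto, dport, iface="ppp0"):
    return {"src": src, "proto": proto, "dport": dport, "iface": iface}

if __name__ == "__main__":
    for p in (pkt("192.168.1.20", "tcp", 110), pkt("192.168.1.20", "tcp", 25),
              pkt("10.0.0.5", "tcp", 110), pkt("192.168.1.20", "udp", 110)):
        print(p, "->", decide(POP_ONLY, "reject", p))
    # Ordering mistake: a catch-all placed above the allow rule hides it.
    print(shadowed([Rule("reject", "0.0.0.0/0")] + POP_ONLY))
```

Running shadowed() over a planned rule list before loading it catches allow rules that an earlier catch-all would silently override.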