iodine wrote:
>
> When using ip_masquerading, I have seen a friend block machines on his
> internal network from using http/ftp/telnet to any address on the outside
> using ipfwadm. i.e. 192.168.1.5 not allowed to use ftp(21), telnet(32) and
> http(80) to anywhere by using 0.0.0.0 in the command line or something
> similar. Not sure on the exact command line, but have seen him do it. And it
> worked well.
>
> /etc/hosts.allow & /etc/hosts.deny is for blocking services/ips coming in..
> not going out. Or am I wrong?
>

I'm sorry. I read below that you wanted to prevent ftp and telnet access to your mail server. To prevent outbound ftp and telnet from a specific host, try

    ipfwadm -F -a deny -P tcp -S 192.168.1.5/32 -D 0.0.0.0/0 telnet ftp

> >Wilson Tuma wrote:
> >
> >> Hi
> >>
> >> How do I use ipfwadm to prevent all the users of my local network from
> >> doing ftp and telnet to my mail server while allowing only two other
> >> systems the same network from being able to telnet or ftp to the mail
> >> server.
> >
> >ipfwadm will only filter between networks. You need to take a look at
> >/etc/hosts.allow and /etc/hosts.deny. There is a man page for these files.
> >
> >--

--
Paul Miller [EMAIL PROTECTED]
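
An added example, not part of the original thread: a TCP wrappers configuration for the mail server that follows the /etc/hosts.allow and /etc/hosts.deny suggestion quoted above. The daemon names `in.telnetd` and `in.ftpd` and the two permitted addresses `192.168.1.10` and `192.168.1.11` are assumptions; it also assumes both services are started through `tcpd` from inetd, since the wrappers only see connections to wrapped daemons.

```conf
# /etc/hosts.allow  (on the mail server)
# Consulted first: a match here grants access and stops the search.
# The two addresses are placeholders for the two permitted systems.
in.telnetd, in.ftpd : 192.168.1.10, 192.168.1.11

# /etc/hosts.deny  (on the mail server)
# Consulted only when nothing in hosts.allow matched: every other
# client is refused telnet and ftp. Services not named in either
# file are unaffected, so mail delivery keeps working.
in.telnetd, in.ftpd : ALL
```

The daemon names must match the process names in the server's inetd configuration, otherwise neither rule applies and access is granted by default.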