On Tue, Sep 21, 1999 at 02:02:26PM -0400, [EMAIL PROTECTED] wrote:
> Is it possible to disable telnet to be bind to the ppp interface? I don't want
> people to be able to telnet to my isp internet connection. I believe this is
> possible setting the protocols and creating standard diald filters. Is it also
> possible to do it in general and only allow telnet to work under the eth0
> interface regardless of diald?
Sure you can do that. The easiest way is to use a firewall; ipfwadm or
ipchains and deny connections to port 23 of the dynamic interface.
Better yet, deny all incoming connections to the dynamic interface with
the SYN bit set. Assuming that all connections are initiated from your
network, any incoming connection with the SYN bit set is one you did not
initiate, ergo, it is unwanted. This is the most paranoid and safest
policy. Of course, you may wish to make exceptions for port 113, ident
and port 20, ftp-data and any other ports on which you provide services.
--
Gyepi Sam --+-- Designer/Programmer --+-- Network/System Administrator
[EMAIL PROTECTED] --+-- http://www.praxis-sw.com/gyepi
You can observe a lot just by watching. -- Yogi Berra
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
