[Shorewall-users] How to deny telnet for several users?

Janek janekj at online.ee
Fri, 8 Nov 2002 16:47:20 +0200


Thank You, Tom!
The last lines (REJECT ...) were enough for me! This is the answer to my
problem - I can now deny access from inside of our network to outside (the
"problem" is with a couple of users).
With Best Regards,
Janek.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Janek" <janekj@online.ee>; <shorewall-users@shorewall.net>
Sent: Friday, November 08, 2002 4:33 PM
Subject: Re: [Shorewall-users] How to deny telnet for several users?


>
>
> --On Friday, November 08, 2002 12:51 PM +0200 Janek <janekj@online.ee>
> wrote:
>
> > Hi everybody!
> > I got a problem. I have to deny telnet (port 23) for several users in
> > our network. It's better they can't connect with other computers via
> > this port. Let's say their IPs are 192.168.0.2 / 192.168.0.5.
> > Please help me!
>
> You cannot use your firewall to stop computers on a single LAN segment
> from communicating with each other because that traffic doesn't go through
> your firewall. You could stop them from telnetting to the net with rules
> such as:
>
> REJECT loc:192.168.0.2 net tcp 23
> REJECT loc:192.168.0.3 net tcp 23
> ...
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
>
>