Ascend Archive

Re: (ASCEND) Need Filter-Entry



In article <x41zyc8tog.fsf@adamc.noc.colt.net> you wrote:
> Adam Chappell <adamc@adamc.noc.colt.net> writes:
> 
>> > I need a radius filter entry that allows smtp-connections only to one
>> > single host. Connections to any other host on port 25 should be denied.
>> > Connections on all other ports should be allowed to any host.
>> > 
>> > Can anyone give me an example-entry?
>> 
>> # Allow TCP to and from goodhost [1.2.3.4] on SMTP port
>>  Ascend-Data-Filter = "ip in forward dstip 1.2.3.4/32 tcp dstport = 25"
>>  Ascend-Data-Filter = "ip out forward srcip 1.2.3.4/32 tcp srcport = 25"
>> 
>> # Allow any TCP where the port involved is not SMTP
>>  Ascend-Data-Filter = "ip in forward tcp dstport != 25"
>>  Ascend-Data-Filter = "ip out forward tcp srcport != 25"
> 
> Duh! I'm not thinking straight this morning. Get rid of the 'tcp' from
> all of these entries as well, otherwise I think you'll lose every
> other protocol in the implicit drop rule :<
> 
> Ascend-Data-Filter = "ip in forward dstip 1.2.3.4/32 dstport = 25"
> Ascend-Data-Filter = "ip out forward srcip 1.2.3.4/32 srcport = 25"
> Ascend-Data-Filter = "ip in forward dstport != 25"
> Ascend-Data-Filter = "ip out forward srcport != 25"
> 

Hi Adam,
thanks for your reply, but that filter doesn't work :-(
I still can make connections on port 25 to any host.


Stefan
-- 
"God is real - unless declared integer"       |   Passauer Neue Medien GmbH
                    -- UniDo-Informatikerklo  |   Medienstrasse 5
                                              |   94036 Passau
                                              |   http://www.pnm.net
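
Added example (not part of the original messages and not Ascend code): a simplified Python model of the first rule set quoted above, the one that keeps the 'tcp' keyword. It assumes rules are checked in order, the first match decides, and a packet matching no rule is dropped, as the "implicit drop rule" mentioned in the thread suggests; the function names and every address other than 1.2.3.4 are constructed for illustration.

```python
import ipaddress
import re

# First rule set quoted in the thread (the version that keeps 'tcp').
RULES = [
    "ip in forward dstip 1.2.3.4/32 tcp dstport = 25",
    "ip out forward srcip 1.2.3.4/32 tcp srcport = 25",
    "ip in forward tcp dstport != 25",
    "ip out forward tcp srcport != 25",
]

# Only the subset of the filter syntax used above is parsed. The protocol
# keyword is required: port tests without one are not modelled here.
RULE_RE = re.compile(
    r"ip (?P<dir>in|out) (?P<action>forward|drop)"
    r"(?: dstip (?P<dstip>\S+))?(?: srcip (?P<srcip>\S+))?"
    r" (?P<proto>tcp|udp)"
    r"(?: dstport (?P<dop>!?=) (?P<dport>\d+))?"
    r"(?: srcport (?P<sop>!?=) (?P<sport>\d+))?"
)

def parse(rule):
    m = RULE_RE.fullmatch(rule)
    if m is None:
        raise ValueError(f"unsupported filter syntax: {rule!r}")
    return m.groupdict()

def addr_ok(net, addr):
    # An absent address test matches every address.
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def port_ok(op, want, have):
    # op is "=" or "!="; an absent port test matches every port.
    return op is None or (have == int(want)) == (op == "=")

def decide(rules, direction, proto, src, sport, dst, dport):
    """Return 'forward' or 'drop' for one packet (assumed first-match model)."""
    for r in map(parse, rules):
        if (r["dir"] == direction and r["proto"] == proto
                and addr_ok(r["dstip"], dst) and addr_ok(r["srcip"], src)
                and port_ok(r["dop"], r["dport"], dport)
                and port_ok(r["sop"], r["sport"], sport)):
            return r["action"]
    return "drop"  # assumption: nothing matched, so the implicit drop applies

if __name__ == "__main__":
    # Constructed sample packets; 10.0.0.5 and 5.6.7.8 are made-up addresses.
    print(decide(RULES, "in", "tcp", "10.0.0.5", 40000, "5.6.7.8", 25))
    print(decide(RULES, "in", "udp", "10.0.0.5", 40000, "5.6.7.8", 53))
```

In this model SMTP to any host other than 1.2.3.4 falls through to the drop, and so does all UDP traffic, which is the side effect the follow-up message is concerned about.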