Ascend Archive

Re: (ASCEND) Need Filter-Entry



Stefan M. Brandl wrote:
]
]I need a radius filter entry that allows smtp-connections only to one
]single host. Connections to any other host on port 25 should be denied.
]Connections on all other ports should be allowed to any host.
]
]Can anyone give me an example-entry?

So, you want to hand the filter off as part of the radius profile,
and you want the machine/user receiving the profile to only be
able to connect to the smtp port on a single machine, right?

     Ascend-Data-Filter = "ip in forward dstip 1.2.3.4/32 tcp dstport = 25",
     Ascend-Data-Filter = "ip in drop tcp dstport = 25",
     Ascend-Data-Filter = "ip in forward 0 0 0",

Order is important.  Packets are tested against filter rules in order.
When they match one, that action is taken.  If they match none, they
are dropped... unless there are none.  In other words, since there are no
"out" filters listed above, there doesn't need to be any explicit
"out" forward filters.  The logic above is:
     1) if the tcp/ip packet is destined for 1.2.3.4 port smtp, forward it.
     2) if the tcp/ip packet has a dest port of smtp, drop it.
     3) forward all ip packets.

___________________________________________________________________________
Joe Pautler					University at Buffalo
CIT/OSS Network Engineering			224 Computing Center
http://www.oss.buffalo.edu/~pautler		(716) 645-3536
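
The first-match evaluation described in the message above, modelled as an added Python example that is not part of the original post and is not Ascend's code. `Rule` and `decide` are hypothetical names, the three rules are entered as structured data rather than parsed from the filter strings, and 192.0.2.10 is a constructed test address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                  # "in" or "out"
    action: str                     # "forward" or "drop"
    dst_net: Optional[str] = None   # None = any destination
    proto: Optional[str] = None     # None = any IP protocol
    dst_port: Optional[int] = None  # None = any destination port

    def matches(self, dst_ip, proto, dst_port):
        return ((self.dst_net is None
                 or ip_address(dst_ip) in ip_network(self.dst_net))
                and (self.proto is None or self.proto == proto)
                and (self.dst_port is None or self.dst_port == dst_port))

def decide(rules, direction, dst_ip, proto, dst_port):
    """Return the action of the first matching rule for this direction."""
    same_direction = [r for r in rules if r.direction == direction]
    if not same_direction:
        return "forward"            # no filters for this direction at all
    for rule in same_direction:
        if rule.matches(dst_ip, proto, dst_port):
            return rule.action
    return "drop"                   # filters exist but none matched

# The three rules from the message, in the order given.
ALLOW_ONE = Rule("in", "forward", "1.2.3.4/32", "tcp", 25)
DROP_SMTP = Rule("in", "drop", None, "tcp", 25)
ALLOW_ALL = Rule("in", "forward")
PROFILE = [ALLOW_ONE, DROP_SMTP, ALLOW_ALL]

if __name__ == "__main__":
    # Constructed packets: (direction, destination IP, protocol, dest port)
    for pkt in [("in", "1.2.3.4", "tcp", 25), ("in", "192.0.2.10", "tcp", 25),
                ("in", "192.0.2.10", "tcp", 80), ("out", "192.0.2.10", "tcp", 25)]:
        print(pkt, "->", decide(PROFILE, *pkt))
    # Swapping rules 1 and 2 drops SMTP to the permitted host as well.
    swapped = [DROP_SMTP, ALLOW_ONE, ALLOW_ALL]
    print("swapped:", decide(swapped, "in", "1.2.3.4", "tcp", 25))
    # Leaving out rule 3 drops everything that is not SMTP to 1.2.3.4.
    print("no rule 3:", decide([ALLOW_ONE, DROP_SMTP], "in", "192.0.2.10", "tcp", 80))
```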