Freesco 0.3.8 ban / accept policies

Post by lotus123r5 » Wed Dec 12, 2012 1:49 pm

Best Freesco Support,
I am wondering if it is possible to accept only external IP addresses that connect to a port (for example port 6666) to make a connection forward to other machines in my local network.
For example: only 3 external IP addresses can make a connection to my Freesco IP: port forwarding 6666 to make a connection with remote desktop to my local computer on my local network.
The 3 external IP addresses I want to configure in Freesco, so they are able to make the connection on port 6666 to my local computer.
Other external IP addresses will be blocked/banned immediately (so other external IP addresses are not allowed to make this connection).
Is it possible to configure this in Freesco 0.3.8? I hope that my explanation is enough to understand.... Thanks in advance! Grz, Maikel.

Re: Freesco 0.3.8 ban / accept policies

Post by Lightning » Wed Dec 12, 2012 9:09 pm

Yes it is possible, but not with the ban control system. You will need to do this manually in the rc/rc_user script.
edit /rc/rc_user
Code:
firewall)
   # -i inserts each rule at the top of the input list, so the accepts
   # inserted after the reject end up above it and are matched first.
   ipfwadm -I -i reject -P tcp -W $INET -D 0/0 6666 $LOG
   ipfwadm -I -i accept -P tcp -W $INET -S XXX.XXX.XXX.XXX -D 0/0 6666 $LOG
   ipfwadm -I -i accept -P tcp -W $INET -S XXX.XXX.XXX.XXX -D 0/0 6666 $LOG
   ipfwadm -I -i accept -P tcp -W $INET -S XXX.XXX.XXX.XXX -D 0/0 6666 $LOG
   ;;

F10 # save
rc_masq restart

Change the XXX.XXX.XXX.XXX's in the above to the IP addresses that you want to allow connections to port 6666 and it should do what you are wanting. If you also need UDP as well you will need to add the above entries again with the '-P tcp' changed to '-P udp'. But not many applications should ever need UDP other than possibly games. Also be aware that the above rules are order specific, so do not change the order they are shown in. $LOG is not a required entry, but it can be included in logging if you have enabled the 'extended' firewall logging as well. Without extended logging enabled the '$LOG' does not do anything.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
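
A rule generator for the allowlist described in the answer above, as an added example that is not part of the original post or of FREESCO: it validates the port, protocol and addresses, then prints the rules in insertion order for pasting into the firewall) section of rc_user. The function names is_ipv4 and allow_rules and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not FREESCO code. Prints rules; it never runs ipfwadm itself.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# allow_rules PORT PROTO ADDR...: print the reject rule, then one accept per
# address. "ipfwadm -I -i" inserts at the top of the input list, so the accepts
# inserted after the reject end up above it and are matched first.
allow_rules() {
    port=$1; proto=$2
    [ $# -ge 3 ] || { echo "usage: allow_rules PORT tcp|udp ADDR..." >&2; return 1; }
    shift 2
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    # Validate every address before printing, so a typo cannot leave a
    # half-written rule set in rc_user.
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    # $INET and $LOG stay literal (single quotes); rc_user expands them.
    printf 'ipfwadm -I -i reject -P %s -W $INET -D 0/0 %s $LOG\n' "$proto" "$port"
    for addr in "$@"; do
        printf 'ipfwadm -I -i accept -P %s -W $INET -S %s -D 0/0 %s $LOG\n' \
            "$proto" "$addr" "$port"
    done
}

# Constructed sample addresses (documentation ranges), TCP then UDP.
allow_rules 6666 tcp 192.0.2.10 198.51.100.7 203.0.113.25
allow_rules 6666 udp 192.0.2.10 198.51.100.7 203.0.113.25
```

The printed lines still need F10 to save and rc_masq restart to take effect, as in the post.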

Re: Freesco 0.3.8 ban / accept policies

Post by lotus123r5 » Sun Dec 16, 2012 6:23 am

Djeeeeeeeee, I really thought I am asking an impossible question now, and never thought to get a solution.... but... Lightning, really Thx for your great explanation again !!!
You make my weekend again! After I do this I have to do the following command: "/mnt/router/rc/rc_user restart". Is that enough to effect the change, or do I have to restart more "services"?
Thx Thx Thx Thx and Thx!! again

-------------------------------------------------------------------------------------------------------------
hmmmmmmmm sorry, I think I have to buy some glasses, you already explained that too:
F10 # save
rc_masq restart

Thx again!!!

Re: Freesco 0.3.8 ban / accept policies

Post by Lightning » Mon Dec 17, 2012 3:12 am

To effect the firewall you must always use

rc_masq restart

As for not seeing it the first time, hehe I do that myself quite often. So nothing to worry about.

P.S. let me know if it does what you are asking because I am adding this as a new feature in 0.4.5 restriction file and I want to be certain the rules are accurate.