
Freesco 0.3.8 ban / accept policies

Posted: Wed Dec 12, 2012 1:49 pm
by lotus123r5
Dear Freesco Support,
I am wondering if it is possible to accept only external IP addresses that connect to a port (for example port 6666) to make a connection forward to other machines in my local network.
For example: only 3 external IP addresses can make a connection to my Freesco IP: port forwarding 6666 to make a connection with remote desktop to my local computer on my local network.
The 3 external IP addresses I want to configure in Freesco, so they are able to make the connection on port 6666 to my local computer.
Other external IP addresses will be blocked/banned immediately (so other external IP addresses are not allowed to make this connection).
Is it possible to configure this in Freesco 0.3.8? I hope that my explanation is enough to understand... Thanks in advance! Grz, Maikel.

Re: Freesco 0.3.8 ban / accept policies

Posted: Wed Dec 12, 2012 9:09 pm
by Lightning
Yes it is possible, but not with the ban control system. You will need to do this manually in the rc/rc_user script.
edit /rc/rc_user
Code:
firewall)
   ipfwadm -I -i reject -P tcp -W $INET -D 0/0 6666  $LOG
   ipfwadm -I -i accept -P tcp -W $INET -S XXX.XXX.XXX.XXX -D 0/0 6666 $LOG
   ipfwadm -I -i accept -P tcp -W $INET -S XXX.XXX.XXX.XXX -D 0/0 6666 $LOG
   ipfwadm -I -i accept -P tcp -W $INET -S XXX.XXX.XXX.XXX -D 0/0 6666 $LOG
   ;;

F10 # save
rc_masq restart

Change the XXX.XXX.XXX.XXX's in the above to the IP addresses that you want to allow connections to port 6666 and it should do what you are wanting. If you also need UDP as well you will need to add the above entries again with the '-P tcp' changed to '-P udp'. But not many applications should ever need UDP other than possibly games. Also be aware that the above rules are order specific, so do not change the order they are shown in. $LOG is not a required entry, but it can be included in logging if you have enabled the 'extended' firewall logging as well. Without extended logging enabled the '$LOG' does not do anything.
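The rule set from the reply above, generated from a list of addresses, as an added example that is not part of the original thread or of Freesco itself. The helper names valid_ipv4 and gen_allow_rules and the sample addresses are assumptions; the script only prints the lines for pasting into the firewall) section of rc_user and does not run ipfwadm.

```shell
#!/bin/sh
# Added example: prints ipfwadm lines in the form used in the post; runs nothing.
# valid_ipv4 and gen_allow_rules are hypothetical helper names.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_allow_rules PORT PROTO ADDR...
# Emits the reject line first, then one accept line per address (the order the
# post says must be kept). All arguments are checked before anything is
# printed, so a typo yields no rules instead of a partial or wider set.
gen_allow_rules() {
    port=$1; proto=$2
    [ $# -ge 3 ] || return 1
    shift 2
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo "ipfwadm -I -i reject -P $proto -W \$INET -D 0/0 $port \$LOG"
    for addr in "$@"; do
        echo "ipfwadm -I -i accept -P $proto -W \$INET -S $addr -D 0/0 $port \$LOG"
    done
}

# Constructed sample addresses (RFC 5737 documentation ranges).
gen_allow_rules 6666 tcp 192.0.2.10 198.51.100.7 203.0.113.25
```

Calling it a second time with udp in place of tcp produces the extra UDP entries the post mentions.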

Re: Freesco 0.3.8 ban / accept policies

Posted: Sun Dec 16, 2012 6:23 am
by lotus123r5
Djeeeeeeeee, I really thought I am asking an impossible question now, and never thought to get a solution.... but... Lightning, really Thx for your great explanation again !!!
U make my weekend again! After I do this I have to do the following command: "/mnt/router/rc/rc_user restart". Is that enough to effect the change, or do I have to restart more "services"?
Thx Thx Thx Thx and Thx!! again

-------------------------------------------------------------------------------------------------------------
hmmmmmmmm sorry, I think I have to buy some glasses, you already explained that too:
F10 # save
rc_masq restart

Thx again!!!

Re: Freesco 0.3.8 ban / accept policies

Posted: Mon Dec 17, 2012 3:12 am
by Lightning
To effect the firewall you must always use

rc_masq restart

As for not seeing it the first time, hehe, I do that myself quite often. So nothing to worry about.

P.S. let me know if it does what you are asking because I am adding this as a new feature in 0.4.5 restriction file and I want to be certain the rules are accurate.