Thank You, Tom!
The last lines (REJECT ...) were enough for me! This is the answer to my
problem - I can now deny access from inside our network to the outside (the
"problem" is with a couple of users).
With Best Regards,
Janek.
----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Janek" <janekj@online.ee>; <shorewall-users@shorewall.net>
Sent: Friday, November 08, 2002 4:33 PM
Subject: Re: [Shorewall-users] How to deny telnet for several users?
>
>
> --On Friday, November 08, 2002 12:51 PM +0200 Janek <janekj@online.ee>
> wrote:
>
> > Hi everybody!
> > I got a problem. I have to deny a telnet (port 23) for several users in
> > our network. It's better they can't connect with other computers via this
> > port. Let's say their IPs are 192.168.0.2 / 192.168.0.5.
> > Please help me!
>
> You cannot use your firewall to stop computers on a single LAN segment from
> communicating with each other because that traffic doesn't go through your
> firewall. You could stop them from telnetting to the net by rules such as:
>
> REJECT loc:192.168.0.2 net tcp 23
> REJECT loc:192.168.0.3 net tcp 23
> ...
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ teastep@shorewall.net
>
>