Title: SEAL
Moderator: GALVIA::SMITH
Created: Mon Mar 21 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1989
Total number of notes: 8209
I was able to set up ftp and telnet groups on
AFWNT 1.1 using the \dfw\config\groups.acl.
Below are some examples of the entries in \dfw\config\groups.acl:
group ftp-puts-users is
*@172.16.16.67, # Comment
[email protected], # Comment
*@172.16.16.68, # Comment
[email protected] # Comment
;
group ftp-gets-users is
*@172.16.16.67, # Comment
[email protected], # Comment
*@172.16.16.68, # Comment
[email protected] # Comment
;
group telnet-users is
*@172.16.16.67, # Comment
[email protected], # Comment
*@172.16.16.68, # Comment
[email protected] # Comment
;
NOTE: When adding users make sure the last line of the group
contains a ";", each entry is delimited with a ","
and also the last entry does not contain a ",".
The \dfw\config\ftpxd-in.acl should look as follows:
allow ftp-puts-users initial-connection all-servers;
allow ftp-gets-users initial-connection all-servers;
allow ftp-puts-users puts red net;
allow ftp-gets-users gets red net;
The \dfw\config\telnetxd.acl should look as follows:
authentication "HHA";
include "/dfw/config/blacklist.acl";
include "/dfw/config/groups.acl";
include "/dfw/config/telnetxd-times.acl";
# include custom rules for this policy, if any
include "/dfw/config/telnetxd-custom.acl";
deny authenticated inside red net * all-servers;
deny unknown inside red net * all-servers;
#END BASE POLICY
# these are permissive rules, which need to be removed if
# the user specifies custom rules to restrict the policy
allow telnet-users telnet red net;
[Posted by WWW Notes gateway]
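The punctuation rules from the NOTE above, written as a small linter. This is an added example, not part of the original note and not AltaVista Firewall code; the grammar is inferred only from the groups.acl entries shown in the note, and the sample entries are constructed.

```python
import re

GROUP_START = re.compile(r"^group\s+(\S+)\s+is$")

def lint_groups_acl(text):
    """Return (line_number, message) problems for groups.acl-style text."""
    problems, group, entries = [], None, []
    lines = text.splitlines()
    for num, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing "# Comment"
        if not line:
            continue
        start = GROUP_START.match(line)
        if start:
            if group is not None:                # previous group never closed
                problems.append((num, f"group '{group}' not closed with ';'"))
            group, entries = start.group(1), []
            continue
        if group is None:
            problems.append((num, "text outside a group definition"))
            continue
        closes = line.endswith(";")              # ';' alone or after last entry
        body = line[:-1].strip() if closes else line
        if body:
            entries.append((num, body))
        if closes:
            if not entries:
                problems.append((num, f"group '{group}' has no entries"))
            for n, entry in entries[:-1]:        # all but the last need ','
                if not entry.endswith(","):
                    problems.append((n, "entry must end with ','"))
            if entries and entries[-1][1].endswith(","):
                problems.append((entries[-1][0], "last entry must not end with ','"))
            group = None
    if group is not None:
        problems.append((len(lines), f"group '{group}' not closed with ';'"))
    return problems

# Constructed samples; addresses are from the 192.0.2.0/24 documentation range.
GOOD = "group telnet-users is\n*@192.0.2.10, # host\nalice@192.0.2.11 # user\n;\n"
BAD = "group ftp-gets-users is\n*@192.0.2.10 # host\nalice@192.0.2.11, # user\n;\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_groups_acl(sample))
```

A group that is left open or has a stray comma can change who the allow rules in ftpxd-in.acl and telnetxd.acl apply to, so running a check like this before reloading the policy catches the mistake early.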
T.R | Title | User | Personal Name | Date | Lines |
---|
1925.1 | cool | EEMELI::EINAMO | | Tue Apr 22 1997 10:32 | 5 |
| Thanks
I need this functionality also
Marko
|
1925.2 | Correction to telnetxd.acl | NNTPD::"[email protected]" | Chris Lingerfeldt | Wed Apr 23 1997 15:43 | 36 |
| I realized that I did not include an important line in the example
of the telnetxd.acl from the previous note.
Telnetxd.acl should contain the following line:
allow telnet-users telnet relay;
Below is an example of the entire file.
# AUTOMATICALLY GENERATED - DO NOT EDIT!!!
# this is the policy applying to telnet clients
#POLICY NUMBER:4
#ACCESS FROM INSIDE:Internal users may access all Internet servers
#ACCESS FROM OUTSIDE:None
#POLICY DESCRIPTION:Allow access from inside out.<P>
#POLICY DESCRIPTION:Deny all access from outside.
authentication "HHA";
include "/dfw/config/blacklist.acl"; #firewall blacklist
include "/dfw/config/groups.acl"; #firewall groups
include "/dfw/config/telnetxd-times.acl"; #time restrictions
# include custom rules for this policy, if any
include "/dfw/config/telnetxd-custom.acl";
deny authenticated inside red net * all-servers;
deny unknown inside red net * all-servers;
#END BASE POLICY
# these are permissive rules, which need to be removed if
# the user specifies custom rules to restrict the policy.
allow telnet-users telnet relay;
allow telnet-users telnet red net;
[Posted by WWW Notes gateway]
|