Subj : Re: Opening up Telnet :P
To   : Kevin Nunn
From : digimaus
Date : Sat Mar 19 2022 21:04:07

-=> Kevin Nunn wrote to All <=-

KN> At first I was having trouble figuring it out but then I started to
KN> grasp the concept again of how iptables type stuff works and got it
KN> working. Although I am doing it the opposite of how I probably should,
KN> since it only has a few ports forwarded to it, the box should be fine.

The way the AIX firewall requires you to enter the subnet for the IP address instead of the CIDR range made me think for a bit until I started using an online subnet calculator.

KN> This seemed like a better idea than deny everything, block by IP, then
KN> permit specific ports (binkd/telnet/vnc/ftp/etc).

Make sure that the last rule you have is "deny everything". The firewall won't work right unless you put that rule in.

I originally used that firewall because a particular Russian in Fidonet thought it fun to try to SYN flood me. Stopped him in his tracks.

I really don't have that many issues now. My telnet port gets hammered a bit but I have to set up a fail2ban jail for telnet offenders.

-- Sean

.... Crane's Law: there ain't no such thing as a free lunch.
--- MultiMail/Linux
 * Origin: Outpost BBS * Johnson City, TN (618:618/1)