[lug] FTP services - disarming daemon

[Jarosko, Bill]

I would really like to have ftp for my own
use but looks like that's not even possible. DSL it is once I move next
month.

recieve requests from 192.168s? I can't log on now. And I can't remember
what I changed, obviously something but whatever it was didn't take affect
immediately.



How about instead of shutting down the service you just block outside traffic.
ipchains should work well enough for this.

I assume you have no ipchains rules as of yet, i.e. you haven't set up a firewall yet.

Exter = whatever interface your cable comes in on, i.e. eth0, ppp0, whatever.
hostip = your machines ip 

ipchains -A input -i $Exter -p tcp -s 0.0.0.0/0 1024:65535 -d $hostip 21 -j DENY 

Quick explanation: 

ipchains -A input   (append the input rule)
-i               (tells ipchains to watch this interface)
-p tcp           (tells ipchains which protocol)
-s               (this is the source switch, in this case we want all IP's so 0.0.0.0/0)
1024:65535       (the port numbers of remote machines used to connect to ftp)
-d               (destination switch, your ip addr and ftp port number(21))
-j               (policy, what should it do, in this case deny, it doesn't tell TCI(AT&T) it even exists)

that should do it, but if not, send another email.
And if you'd like to block telnet just change the port number from 21 to 23.