Hi guys
I'm trying to come up with an ipfilter config for the cable modem which restricts telnet access to the modem (without blocking telnet for the customer to the internet).
Our modems' administrative interfaces are always within 10/8 and we want to restrict to a set range of admin IPs, let's call them 192.0.1.0/24 for the sake of argument.
So far I've only managed to block telnet completely, or do nothing.
Any input is appreciated.
Dean
--
## start telnet section
## this filter applies to all (i.e. it uses ifindex 0)
## allow 192.0.1.0/24 10.0.0.0/8
docsDevFilterIpStatus.10,INTEGER,createAndGo
docsDevFilterIpControl.10,INTEGER,accept
docsDevFilterIpIfIndex.10,INTEGER,0
docsDevFilterIpDirection.10,INTEGER,both
docsDevFilterIpBroadcast.10,INTEGER,false
docsDevFilterIpSaddr.10,IPADDRESS,192.0.1.0
docsDevFilterIpSmask.10,IPADDRESS,255.255.255.0
docsDevFilterIpDaddr.10,IPADDRESS,10.0.0.0
docsDevFilterIpDmask.10,IPADDRESS,255.0.0.0
docsDevFilterIpProtocol.10,INTEGER,6
docsDevFilterIpSourcePortLow.10,INTEGER,0
docsDevFilterIpSourcePortHigh.10,INTEGER,65535
docsDevFilterIpDestPortLow.10,INTEGER,23
docsDevFilterIpDestPortHigh.10,INTEGER,23
## Deny everything else to 10.0.0.0/8
docsDevFilterIpStatus.12,INTEGER,createAndGo
docsDevFilterIpControl.12,INTEGER,discard
docsDevFilterIpIfIndex.12,INTEGER,0
docsDevFilterIpDirection.12,INTEGER,both
docsDevFilterIpBroadcast.12,INTEGER,false
docsDevFilterIpSaddr.12,IPADDRESS,0.0.0.0
docsDevFilterIpSmask.12,IPADDRESS,0.0.0.0
docsDevFilterIpDaddr.12,IPADDRESS,10.0.0.0
docsDevFilterIpDmask.12,IPADDRESS,255.0.0.0
docsDevFilterIpProtocol.12,INTEGER,6
docsDevFilterIpSourcePortLow.12,INTEGER,0
docsDevFilterIpSourcePortHigh.12,INTEGER,65535
docsDevFilterIpDestPortLow.12,INTEGER,23
docsDevFilterIpDestPortHigh.12,INTEGER,23
#### end telnet section
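
Added example (not part of the original post and not vendor code): a small Python model for checking the two filters above against constructed packets before loading them on a modem. It assumes filters are scanned in index order with the first match deciding, and that a packet matching no filter gets the default action (docsDevFilterIpDefault); the function names and sample addresses are made up for illustration.

```python
from ipaddress import IPv4Address

# The two filters from the post:
# (index, control, saddr, smask, daddr, dmask, protocol, dport low, dport high).
# Source port ranges are left out because 0-65535 matches every packet.
FILTERS = [
    (10, "accept",  "192.0.1.0", "255.255.255.0", "10.0.0.0", "255.0.0.0", 6, 23, 23),
    (12, "discard", "0.0.0.0",   "0.0.0.0",       "10.0.0.0", "255.0.0.0", 6, 23, 23),
]

def in_net(addr, net, mask):
    """Address/mask comparison as the Saddr/Smask and Daddr/Dmask pairs express it."""
    m = int(IPv4Address(mask))
    return (int(IPv4Address(addr)) & m) == (int(IPv4Address(net)) & m)

def evaluate(src, dst, proto, dport, default="accept"):
    """Return (filter index, action) for one packet.

    Assumption: filters are scanned in index order and the first match decides;
    a packet matching no filter gets `default` (the docsDevFilterIpDefault setting).
    """
    for idx, control, saddr, smask, daddr, dmask, fproto, lo, hi in sorted(FILTERS):
        if (in_net(src, saddr, smask) and in_net(dst, daddr, dmask)
                and proto == fproto and lo <= dport <= hi):
            return idx, control
    return None, default

# Constructed sample packets: (description, src, dst, protocol, destination port).
SAMPLES = [
    ("admin -> modem telnet",       "192.0.1.15",  "10.20.30.40",  6, 23),
    ("customer -> modem telnet",    "203.0.113.9", "10.20.30.40",  6, 23),
    ("customer -> internet telnet", "203.0.113.9", "198.51.100.7", 6, 23),
    ("modem -> admin reply",        "10.20.30.40", "192.0.1.15",   6, 40000),
]

if __name__ == "__main__":
    for desc, src, dst, proto, dport in SAMPLES:
        print(f"{desc:30} {evaluate(src, dst, proto, dport)}")
```

Calling `evaluate(..., default="discard")` shows how the default action changes the outcome for traffic that neither filter matches, such as customer telnet to the internet.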