From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Date: Wed, 26 Nov 2008 08:13:06 -0600
Subject: Re: firewall rules for bitlord, yahoo, limewire

Fbsd1 wrote:
> These applications have predefined ports they use to start up the
> bi-directional packet conversation. But then unsolicited packets
> come in from other PC nodes to share data using a wide range of high
> port numbers. IPFW, IPF, and PF don't seem to have a rule option to
> allow packets in/out based on the program name that started the
> conversation.
>
> I thought I read in the OpenBSD pf manual that pf state processing will
> allow applications like limewire to function normally by accepting
> the inbound high number port to pass through the firewall.
>
> I have an inclusive firewall rule set, which means only packets matching
> the rules are passed through. The inbound high port numbers are
> blocked by design.
>
> How do other firewall users code rules to allow limewire to work?

Hmmm. Isn't life interesting. I would like to know how to block them
and others without causing strange secondary problems.

Actually a default pf configuration will let them pass unless I'm
forgetting something important.

ed
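The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified model of a stateful, default-deny ("inclusive") rule set, showing why replies to outbound connections pass while unsolicited inbound connections from other peers to high ports are dropped. The class names, addresses and port numbers are constructed for illustration, and this is not pf's implementation.

```python
# Simplified model of stateful filtering with default-deny inbound (constructed
# example; pf itself also checks TCP sequence numbers and expires states).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    pass_in_ports: frozenset = frozenset()  # hypothetical explicit "pass in" TCP ports
    states: set = field(default_factory=set)

    def outbound(self, p: Packet) -> str:
        # Outbound is allowed and the flow is recorded so replies can match it.
        self.states.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return "pass"

    def inbound(self, p: Packet) -> str:
        # A reply is the recorded flow with source and destination swapped.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass (state)"
        if p.proto == "tcp" and p.dport in self.pass_in_ports:
            return "pass (rule)"
        return "block"  # inclusive rule set: unmatched packets are dropped

# Constructed sample traffic; addresses are from documentation ranges.
HOST, PEER_A, PEER_B = "192.0.2.10", "198.51.100.7", "203.0.113.9"

def demo(pass_in_ports=()):
    fw = StatefulFilter(pass_in_ports=frozenset(pass_in_ports))
    return {
        # Host connects out to peer A; A's reply matches the state entry.
        "out_to_a": fw.outbound(Packet("tcp", HOST, 51000, PEER_A, 6346)),
        "reply_from_a": fw.inbound(Packet("tcp", PEER_A, 6346, HOST, 51000)),
        # Peer B, never contacted, connects to a high port on the host.
        "unsolicited_b": fw.inbound(Packet("tcp", PEER_B, 40000, HOST, 50001)),
        # Peer A from a new source port does not match the existing state.
        "a_new_flow": fw.inbound(Packet("tcp", PEER_A, 40001, HOST, 51000)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} {verdict}")
```

Calling `demo({50001})` models adding one explicit inbound rule for a single listening port: only that port opens to unsolicited peers, and every other high port stays blocked.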