Date: Thu, 12 Feb 1998 15:09:18 +0000 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Patrick Gardella <patrick@cre8tivegroup.com> Cc: Terry Todd <tlt@tltodd.com>, freebsd-questions@FreeBSD.ORG Subject: Re: using ipfw to block icq Message-ID: <34E3109E.B58D3F4@tdx.co.uk> References: <XFMail.980212092423.patrick@cre8tivegroup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Why don't you turn this all around - and block everything, then allow through the stuff you do want (e.g. dns, www etc.) - which by it's definition will block ICQ, IRC - and everything else that comes out and is new etc.. Implicit Denial policies like this are often more secure as well... Kp Patrick Gardella wrote: > > I've got the opposite problem. Somewhere ICQ is being blocked for me, but > shouldn't be. > > ICQ sends it's stuff mainly on port 4000. But the app allows you to get around > firewalls and seems to be specifically designed for this. The typical user to > user stuff is supposed to take place between UDP ports 2000 and 4000, although > I've found it uses UDP 1190-1237 (Which is where I was blocked). Don't ask why! > > Patrick > > On 11-Feb-98 Terry Todd wrote: > > > > Anybody know how to block ICQ traffic? I have ipfw set up and it does > > a fine job of blocking IRC traffic. Now there's new thing called ICQ > > that I'm not sure how to block. I am using my Freebsd system as a > > firewall between a network of windoze systems and the internet. ICQ > > is running on the windoze system. Anybody know how this works? > > > > Thanks, > > Terry Todd > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34E3109E.B58D3F4>