From owner-freebsd-questions  Thu Feb 12 07:09:59 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA07302
          for questions-outgoing; Thu, 12 Feb 1998 07:09:59 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA07257
          for <freebsd-questions@FreeBSD.ORG>; Thu, 12 Feb 1998 07:09:50 -0800 (PST)
          (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.7/8.8.7) with ESMTP id PAA13713;
	Thu, 12 Feb 1998 15:09:18 GMT
	(envelope-from kpielorz@tdx.co.uk)
Message-ID: <34E3109E.B58D3F4@tdx.co.uk>
Date: Thu, 12 Feb 1998 15:09:18 +0000
From: Karl Pielorz <kpielorz@tdx.co.uk>
Organization: TDX
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: Patrick Gardella <patrick@cre8tivegroup.com>
CC: Terry Todd <tlt@tltodd.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: using ipfw to block icq
References: <XFMail.980212092423.patrick@cre8tivegroup.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Why don't you turn this all around - and block everything, then allow through
the stuff you do want (e.g. dns, www etc.) - which by it's definition will
block ICQ, IRC - and everything else that comes out and is new etc..

Implicit Denial policies like this are often more secure as well...

Kp

Patrick Gardella wrote:
> 
> I've got the opposite problem.  Somewhere ICQ is being blocked for me, but
> shouldn't be.
> 
> ICQ sends it's stuff mainly on port 4000.  But the app allows you to get around
> firewalls and seems to be specifically designed for this.  The typical user to
> user stuff is supposed to take place between UDP ports 2000 and 4000, although
> I've found it uses UDP 1190-1237 (Which is where I was blocked).  Don't ask why!
> 
> Patrick
> 
> On 11-Feb-98 Terry Todd wrote:
> >
> > Anybody know how to block ICQ traffic?  I have ipfw set up and it does
> > a fine job of blocking IRC traffic.  Now there's new thing called ICQ
> > that I'm not sure how to block.  I am using my Freebsd system as a
> > firewall between a network of windoze systems and the internet.  ICQ
> > is running on the windoze system.  Anybody know how this works?
> >
> > Thanks,
> > Terry Todd
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe questions" in the body of the message
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe questions" in the body of the message