From owner-freebsd-hackers Fri Oct 20 8:51:59 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from thehousleys.net (frenchknot.ne.mediaone.net [24.147.224.201]) by hub.freebsd.org (Postfix) with ESMTP id 0DFF337B4D7 for ; Fri, 20 Oct 2000 08:51:52 -0700 (PDT)
Received: from thehousleys.net (baby.int.thehousleys.net [192.168.0.24]) by thehousleys.net (8.11.0/8.11.0) with ESMTP id e9KFpkQ63668; Fri, 20 Oct 2000 11:51:46 -0400 (EDT) (envelope-from jim@thehousleys.net)
Message-ID: <39F06A10.8643A0B0@thehousleys.net>
Date: Fri, 20 Oct 2000 11:51:44 -0400
From: James Housley
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Nate Williams
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Blocking Napster (WAS: IPFW bug/incoming TCP connections being let in.)
References: <200010192029.OAA25357@nomad.yogotech.com> <200010201546.JAA04367@nomad.yogotech.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Nate Williams wrote:
>
> > I had blocked incoming TCP connections coming into my network using
> > IPFW, and I noticed that my brother was able to establish a Napster
> > connection, even though I had blocked it earlier.
>
> *sigh*
>
> Thanks to Guy Helmer for being patient with me as I fretted about this.
>
> I just found out that Napster leaves a client running in the background,
> and even though I had added firewall rules to block new connections to
> the server, the old 'established' connection was still up and running.
>

This might be helpful to you and others.  Since Napster uses whatever
ports it can find, the best way is to block the servers.

# Napster
$fwcmd add deny tcp from any to 208.178.163.56/29 via tun0
$fwcmd add deny tcp from any to 208.178.175.128/29 via tun0
$fwcmd add deny tcp from any to 208.49.239.240/28 via tun0
$fwcmd add deny tcp from any to 208.49.228.0/24 via tun0
$fwcmd add deny tcp from any to 208.184.216.0/24 via tun0

Jim
--
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
---------------------------------------------------------------------
Unix is very user-friendly.  It's just picky who its friends are.
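
The behaviour discussed in this thread, as an added example that is not part of the original message: a simplified first-match model of an ipfw-style ruleset, showing why a rule that only denies connection setup leaves an already-established session running, while a deny on all TCP to the server ranges stops it. The `Rule`/`Packet` names, the three rulesets and the address 208.49.228.10 are constructed for illustration; interface matching (`via tun0`) is left out.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    dst: str               # destination CIDR, or "any"
    state: Optional[str]   # "setup", "established", or None for any TCP packet

class Packet(NamedTuple):
    dst: str
    state: str             # "setup" (initial SYN) or "established"

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.state is not None and rule.state != pkt.state:
        return False
    if rule.dst == "any":
        return True
    return ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)

def evaluate(rules, pkt, default="deny"):
    """Return the action of the first matching rule (first match wins)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

# Server ranges copied from the message above.
SERVER_NETS = ["208.178.163.56/29", "208.178.175.128/29", "208.49.239.240/28",
               "208.49.228.0/24", "208.184.216.0/24"]
ALLOW_ESTABLISHED = Rule("allow", "any", "established")
ALLOW_SETUP = Rule("allow", "any", "setup")

# Constructed rulesets (assumptions, not anyone's real configuration).
SETUP_ONLY = [Rule("deny", n, "setup") for n in SERVER_NETS] + [ALLOW_ESTABLISHED, ALLOW_SETUP]
DENY_FIRST = [Rule("deny", n, None) for n in SERVER_NETS] + [ALLOW_ESTABLISHED, ALLOW_SETUP]
DENY_LATE = [ALLOW_ESTABLISHED] + [Rule("deny", n, None) for n in SERVER_NETS] + [ALLOW_SETUP]

SERVER = "208.49.228.10"   # constructed address inside 208.49.228.0/24

def verdicts(rules, dst=SERVER):
    """Verdict for a new connection and for an already-open one to dst."""
    return {s: evaluate(rules, Packet(dst, s)) for s in ("setup", "established")}

if __name__ == "__main__":
    for name, rs in (("setup-only", SETUP_ONLY), ("deny-first", DENY_FIRST),
                     ("deny-late", DENY_LATE)):
        print(name, verdicts(rs))
```

In the model, the deny-all rule only cuts an already-open session when it is evaluated before the rule that allows established traffic.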