Date: Wed, 26 Nov 2008 08:13:06 -0600
From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Subject: Re: firewall rules for bitlord, yahoo, limewire
Message-ID: <20081126081306.17qwm4xcthtwcgw0o@intranet.casasponti.net>
In-Reply-To: <492D51CB.9000201@a1poweruser.com>
References: <492D51CB.9000201@a1poweruser.com>
Fbsd1 <fbsd1@a1poweruser.com> wrote:

> These applications have predefined ports they use to start up the
> bi-directional packet conversation. But then unsolicited packets
> come in from other pc nodes to share data using a wide range of high
> port numbers. IPFW, IPF, and PF don't seem to have a rule option to
> allow packets in/out based on program name that started the
> conversation.
>
> I thought I read in the OpenBSD pf manual that pf state processing will
> allow applications like limewire to function normally by accepting
> the inbound high number port to pass through the firewall.
>
> I have an inclusive firewall rule set, which means only packets matching
> the rules are passed through. The inbound high port numbers are
> blocked by design.
>
> How do other firewall users code rules to allow limewire to work?

Hmmm. Isn't life interesting. I would like to know how to block them
and others without causing strange secondary problems.

Actually a default pf configuration will let them pass unless I'm
forgetting something important.

ed

>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>