Date: Thu, 11 Mar 1999 01:37:35 +0000 From: Ben Smithurst <ben@scientia.demon.co.uk> To: wildcardus freakis <wildcard@dax.belen.k12.nm.us> Cc: freebsd-questions@freebsd.org Subject: Re: Ports Used for ICQ and MIRC Message-ID: <19990311013735.B1144@scientia.demon.co.uk> In-Reply-To: <Pine.BSF.3.96.990310160025.16889B-100000@dax.belen.k12.nm.us> References: <Pine.BSF.3.96.990310160025.16889B-100000@dax.belen.k12.nm.us>
next in thread | previous in thread | raw e-mail | index | archive | help
wildcardus freakis wrote: > logs indicated that was not the case...the offending party is, I think ICQ > and MIRC...so I want to block access to these from our firewall...does > anyone know of the ports that these connections either come in on or go > out of so that I can add these to the deny line? I think IRC uses ports 6660 to 6670. Maybe not all, but I think it's somewhere in that range. 6667 is a common one I think, but others close to that are also used. If in doubt, check with netstat or tcpdump. With firewalls, it's probably a good idea to block all local services off, except stuff you need to allow. e.g., I have 00100 421833 196135466 allow tcp from any to any established 00200 57 2508 allow tcp from any to 212.228.14.13 25 00300 64 2832 allow tcp from any to 212.228.14.13 113 00400 632 27808 allow tcp from any to 212.228.14.13 80 00500 48516 3325735 allow ip from 212.228.14.13 to any via tun0 00600 19708 2549686 allow ip from 127.0.0.1 to 127.0.0.1 via lo0 00700 924 235617 allow udp from any 53 to 212.228.14.13 00800 381 28956 allow udp from any 123 to 212.228.14.13 123 00900 0 0 deny log tcp from any to 212.228.14.13 6000-6063 01000 0 0 deny log tcp from any to 212.228.14.13 8080-8081 01100 3 132 allow tcp from any to 212.228.14.13 1024-65535 01200 44 3696 allow icmp from any to 212.228.14.13 01300 0 0 deny log ip from any to any 65535 0 0 deny ip from any to any which I think is about as restrictive as I can make it and still have things working. This is for a single host only though, so your situation is likely to be very different. If anyone has any comments/criticisms on my firewall setup, let me know. -- Ben Smithurst ben@scientia.demon.co.uk send a blank message to ben+pgp@scientia.demon.co.uk for PGP key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990311013735.B1144>