Date:      Thu, 11 Mar 1999 01:37:35 +0000
From:      Ben Smithurst <ben@scientia.demon.co.uk>
To:        wildcardus freakis <wildcard@dax.belen.k12.nm.us>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Ports Used for ICQ and MIRC
Message-ID:  <19990311013735.B1144@scientia.demon.co.uk>
In-Reply-To: <Pine.BSF.3.96.990310160025.16889B-100000@dax.belen.k12.nm.us>
References:  <Pine.BSF.3.96.990310160025.16889B-100000@dax.belen.k12.nm.us>

wildcardus freakis wrote:

> logs indicated that was not the case...the offending party is, I think ICQ
> and MIRC...so I want to block access to these from our firewall...does
> anyone know of the ports that these connections either come in on or go
> out of so that I can add these to the deny line?

I think IRC uses ports 6660 to 6670. Maybe not all, but I think it's
somewhere in that range. 6667 is a common one I think, but others close
to that are also used. If in doubt, check with netstat or tcpdump.

With firewalls, it's probably a good idea to block all local services
off, except stuff you need to allow.

e.g., I have

00100 421833 196135466 allow tcp from any to any established
00200     57      2508 allow tcp from any to 212.228.14.13 25
00300     64      2832 allow tcp from any to 212.228.14.13 113
00400    632     27808 allow tcp from any to 212.228.14.13 80
00500  48516   3325735 allow ip from 212.228.14.13 to any via tun0
00600  19708   2549686 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00700    924    235617 allow udp from any 53 to 212.228.14.13
00800    381     28956 allow udp from any 123 to 212.228.14.13 123
00900      0         0 deny log tcp from any to 212.228.14.13 6000-6063
01000      0         0 deny log tcp from any to 212.228.14.13 8080-8081
01100      3       132 allow tcp from any to 212.228.14.13 1024-65535
01200     44      3696 allow icmp from any to 212.228.14.13
01300      0         0 deny log ip from any to any
65535      0         0 deny ip from any to any

which I think is about as restrictive as I can make it and still have
things working. This is for a single host only though, so your situation
is likely to be very different. If anyone has any comments/criticisms on
my firewall setup, let me know.

-- 
Ben Smithurst
ben@scientia.demon.co.uk

send a blank message to ben+pgp@scientia.demon.co.uk for PGP key
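
Added example, not part of the original message: a small Python model of first-match rule evaluation over the `ipfw show` listing quoted above, to check which rule decides a given packet (for instance a new connection on an IRC port). It assumes a simplified matcher (exact addresses, port ranges, "established" as a flag, "via" as an interface name); the packet dictionaries and the address 198.51.100.7 are constructed for illustration.

```python
# Added example: simplified first-match model of the listing above, not real ipfw.
# Assumptions: exact address match, "established" is a packet flag, "via" = iface.
RULES_TEXT = """\
00100 421833 196135466 allow tcp from any to any established
00200     57      2508 allow tcp from any to 212.228.14.13 25
00300     64      2832 allow tcp from any to 212.228.14.13 113
00400    632     27808 allow tcp from any to 212.228.14.13 80
00500  48516   3325735 allow ip from 212.228.14.13 to any via tun0
00600  19708   2549686 allow ip from 127.0.0.1 to 127.0.0.1 via lo0
00700    924    235617 allow udp from any 53 to 212.228.14.13
00800    381     28956 allow udp from any 123 to 212.228.14.13 123
00900      0         0 deny log tcp from any to 212.228.14.13 6000-6063
01000      0         0 deny log tcp from any to 212.228.14.13 8080-8081
01100      3       132 allow tcp from any to 212.228.14.13 1024-65535
01200     44      3696 allow icmp from any to 212.228.14.13
01300      0         0 deny log ip from any to any
65535      0         0 deny ip from any to any
"""

def parse_rule(line):
    tok = [t for t in line.split() if t != "log"]   # number, pkts, bytes, action, proto, ...
    body = tok[5:]                                  # "from" SRC [ports] "to" DST [ports] [opts]
    to = body.index("to")
    tail = body[to + 1:]
    via = tail[tail.index("via") + 1] if "via" in tail else None
    dst = [x for x in tail if x not in ("established", "via", via)]
    return {"num": int(tok[0]), "action": tok[3], "proto": tok[4],
            "src": body[1:to], "dst": dst, "est": "established" in tail, "via": via}

def side_ok(spec, addr, port):
    """spec is [address] or [address, port-or-range] as written in the rule."""
    if spec[0] not in ("any", addr):
        return False
    if len(spec) == 1:
        return True
    lo, _, hi = spec[1].partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, pkt):
    """Return (rule number, action) of the first rule matching the packet."""
    for r in rules:
        if r["proto"] not in ("ip", pkt["proto"]) or (r["est"] and not pkt.get("est")):
            continue
        if r["via"] and r["via"] != pkt.get("iface"):
            continue
        if side_ok(r["src"], pkt["src"], pkt.get("sport", 0)) and \
           side_ok(r["dst"], pkt["dst"], pkt.get("dport", 0)):
            return r["num"], r["action"]

RULES = [parse_rule(l) for l in RULES_TEXT.splitlines()]
```

In this model a new outbound TCP connection from 212.228.14.13 to port 6667 is decided by rule 00500, so a deny for the IRC range would have to be numbered below that rule to take effect.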

