Subject: Re: Looking for Port Numbers for IPF
To: J. Buck Caldwell <buckaroo@liveround.com>
From: Michael Kukat <michael@unixiron.org>
List: netbsd-users
Date: 07/12/2001 18:38:55
Hello,

On Thu, 12 Jul 2001, J. Buck Caldwell wrote:
> My employer has asked that I block access to instant messenger services
> like ICQ, MS Messenger, AIM, and YIM. I know ICQ used port 4000 at one
> time, is that still the case? What ports do these other services use?
> Any help would be appreciated. I checked IANA's well-known port list,
> but it wasn't much help - doesn't list any specific service except ICQ,
> which conflicts with another previously-registered service (which is why
> I was wondering if it changed).

Here we go for AIM and ICQ in my setup at home:

# ICQ/AIM
pass  in  proto tcp from 192.168.177.0/24   to any       port = 5190   keep state group 110
pass  out proto tcp from 192.168.177.0/24   to any       port = 5190   keep state group 360
pass  in  proto udp from 192.168.177.0/24   to any       port = 4000   keep state group 120
pass  out proto udp from 192.168.177.0/24   to any       port = 4000   keep state group 370

This allows ports 5190/tcp and 4000/udp to go out the way over my firewall.
Keep state is useful (I just assume you are running stateful inspection),
groups are nice to have for performance reasons.

I use groups 100/150 for internal ethernet in/out, 300/350 for internet in/out,
and the subgroups are +10 for tcp, +20 for udp and +30 for icmp, with the
default blocked in any case.

...Michael

-- 
visit http://www.bsdfans.org/   Home network powered by: NetBSD OpenBSD FreeBSD
Solaris HP-UX IRIX AIX MUNIX Tru64 Ultrix VMS SINIX Dolphin_Unix OpenStep MacOS
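The group layout Michael describes (100/150 internal in/out, 300/350 internet in/out, +10 tcp, +20 udp, +30 icmp, default block) written out as one complete ipf.conf so the pieces can be seen together. This is an added example, not the configuration from the post or from any project; the interface names ne0 (internal ethernet) and ppp0 (internet link) are assumed, and 192.168.177.0/24 is simply the range used in the post.

```conf
# Added example: the group numbering scheme from the reply, as a full ipf.conf.
# Assumed (not from the post): ne0 = internal ethernet, ppp0 = internet link.
#
# Group map: 100/150 internal in/out, 300/350 internet in/out;
#            +10 tcp, +20 udp, +30 icmp.
# Every head rule is a block, so a packet that enters a group and matches no
# rule inside it falls back to the head's action and is dropped.

# Catch-all for any interface that has no head rule of its own.
block in  all
block out all

# Interface heads: a packet matching a head is tested against that group;
# if nothing in the group matches, the head's own action (block) applies.
block in  on ne0  all head 100
block out on ne0  all head 150
block in  on ppp0 all head 300
block out on ppp0 all head 350

# Protocol sub-heads: member of the interface group, head of the +10/+20/+30 group.
block in  on ne0  proto tcp  all head 110 group 100
block in  on ne0  proto udp  all head 120 group 100
block in  on ne0  proto icmp all head 130 group 100
block out on ne0  proto tcp  all head 160 group 150
block out on ne0  proto udp  all head 170 group 150
block out on ne0  proto icmp all head 180 group 150
block in  on ppp0 proto tcp  all head 310 group 300
block in  on ppp0 proto udp  all head 320 group 300
block in  on ppp0 proto icmp all head 330 group 300
block out on ppp0 proto tcp  all head 360 group 350
block out on ppp0 proto udp  all head 370 group 350
block out on ppp0 proto icmp all head 380 group 350

# ICQ/AIM, exactly as in the post: LAN hosts may reach 5190/tcp and 4000/udp.
# "keep state" admits the return traffic without separate inbound pass rules.
pass in  proto tcp from 192.168.177.0/24 to any port = 5190 keep state group 110
pass out proto tcp from 192.168.177.0/24 to any port = 5190 keep state group 360
pass in  proto udp from 192.168.177.0/24 to any port = 4000 keep state group 120
pass out proto udp from 192.168.177.0/24 to any port = 4000 keep state group 370
```

Because each head blocks by default, the policy the original question asks for (no instant messenger traffic) is obtained by leaving the four pass lines out: with no matching rule in groups 110/120/360/370, the sub-heads' block is the result for those ports. Check the loaded rule set with `ipfstat -io` and the live state table with `ipfstat -s` after `ipf -Fa -f /etc/ipf.conf`.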