Subject: Re: Looking for Port Numbers for IPF
To: J. Buck Caldwell <buckaroo@liveround.com>
From: Michael Kukat <michael@unixiron.org>
List: netbsd-users
Date: 07/12/2001 18:38:55
Hello,
On Thu, 12 Jul 2001, J. Buck Caldwell wrote:
> My employer has asked that I block access to instant messenger services
> like ICQ, MS Messenger, AIM, and YIM. I know ICQ used port 4000 at one
> time, is that still the case? What ports do these other services use?
> Any help would be appreciated. I checked IANA's well-known port list,
> but it wasn't much help - doesn't list any specific service except ICQ,
> which conflicts with another previously-registered service (which is why
> I was wondering if it changed).
Here we go for AIM and ICQ in my setup at home:
# ICQ/AIM
pass in proto tcp from 192.168.177.0/24 to any port = 5190 keep state group 110
pass out proto tcp from 192.168.177.0/24 to any port = 5190 keep state group 360
pass in proto udp from 192.168.177.0/24 to any port = 4000 keep state group 120
pass out proto udp from 192.168.177.0/24 to any port = 4000 keep state group 370
This allows ports 5190/tcp and 4000/udp to go out over my firewall.
Keep state is useful (I just assume you are running stateful inspection);
groups are nice to have for performance reasons.
I use groups 100/150 for internal ethernet in/out, 300/350 for internet in/out,
and the subgroups are +10 for tcp, +20 for udp and +30 for icmp, with the
default blocked in any case.
...Michael
--
visit http://www.bsdfans.org/ Home network powered by: NetBSD OpenBSD FreeBSD
Solaris HP-UX IRIX AIX MUNIX Tru64 Ultrix VMS SINIX Dolphin_Unix OpenStep MacOS
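Added example, not part of the original post: a skeleton ipf.conf that realizes the group layout Michael describes (100/150 internal in/out, 300/350 internet in/out, +10 tcp, +20 udp, +30 icmp, default blocked), with his four ICQ/AIM rules slotted into the tcp and udp subgroups. The interface names ne0 (internal ethernet) and ex0 (internet), the 192.168.177.0/24 LAN, the use of quick on the head rules and flags S on the tcp rules are assumptions of this example; the post does not specify them.

```ipf
# Added example (not from the original post). Interfaces ne0 (LAN) and
# ex0 (internet) and the 192.168.177.0/24 LAN are assumptions.

# Catch-all: anything not claimed by a group head below is dropped.
block in all
block out all

# Interface groups. A head rule is also the default for its group: with
# quick on the head, processing stops after the group, so a packet that
# matches no pass rule inside the group is blocked by the head itself.
block in quick on ne0 all head 100     # internal ethernet, in
block out quick on ne0 all head 150    # internal ethernet, out
block in quick on ex0 all head 300     # internet, in
block out quick on ex0 all head 350    # internet, out

# Protocol subgroups, nested under their interface group: +10 tcp, +20 udp, +30 icmp.
block in quick on ne0 proto tcp all head 110 group 100
block in quick on ne0 proto udp all head 120 group 100
block in quick on ne0 proto icmp all head 130 group 100
block out quick on ne0 proto tcp all head 160 group 150
block out quick on ne0 proto udp all head 170 group 150
block out quick on ne0 proto icmp all head 180 group 150

block in quick on ex0 proto tcp all head 310 group 300
block in quick on ex0 proto udp all head 320 group 300
block in quick on ex0 proto icmp all head 330 group 300
block out quick on ex0 proto tcp all head 360 group 350
block out quick on ex0 proto udp all head 370 group 350
block out quick on ex0 proto icmp all head 380 group 350

# ICQ/AIM: the four rules from the post, which now resolve to
# 110/360 (tcp in on the LAN, out on the internet) and 120/370 (udp).
# flags S (assumption) creates state only on the initial SYN.
pass in proto tcp from 192.168.177.0/24 to any port = 5190 flags S keep state group 110
pass out proto tcp from 192.168.177.0/24 to any port = 5190 flags S keep state group 360
pass in proto udp from 192.168.177.0/24 to any port = 4000 keep state group 120
pass out proto udp from 192.168.177.0/24 to any port = 4000 keep state group 370
```

Because every head blocks by default, the only way the IM traffic leaves is through the four pass rules; to block it, as the original question asks, simply leave those rules out. This only covers the default ports the thread names (5190/tcp and 4000/udp). Load the file with ipf -Fa -f /etc/ipf.conf and check the installed groups with ipfstat -io.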