I am trying to set up some user filters to deny access to certain ports,
specifically ports that are used by Back Orifice and the like.
We have a PM2 using ComOS 3.7; the filter installed is a user filter,
as shown below:
nobo.out
1 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 53
2 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 53
3 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 110
4 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 25
5 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 80
6 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 443
7 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 20
8 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 21
9 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 23
10 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 194
11 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 194
12 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 119
13 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 70
14 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 79
15 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 123
16 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 123
17 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 1645
18 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 1646
19 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 8080
20 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 8887
21 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 8888
22 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 43
23 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 43
24 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 37
25 permit 0.0.0.0/0 0.0.0.0/0 udp dst eq 37
We also have an empty nobo.in filter which will also contain permit/deny
rules once the one above is functional.
For some reason DNS responses are not getting back to the user.
They (I) can do anything as long as I use the numbered IP address.
I do have an entry in the users file of Filter-Id ="nobo" which is
attached to a user.
Any help that you can provide would be most appreciated.
Regards
Jakob Ovine