Sebastian Davie wrote:
>
> Source Port range=FTP/FTP
>
> Destination=Any
>
> Destination port range=FTP/FTP
>
>
Set the source port to any instead of FTP. The client uses a (semi)
random high port, like in most other protocols. Just note that this only
blocks connections to FTP sites outside the LAN. You mentioned you have
trouble with "file sharing" - if you mean peer-to-peer file sharing, you
have other problems, as those rarely go to destination port 21. There
are default ports for most p2p protocols, but no guarantee that everyone
uses them. You can look up the standard ports for BitTorrent, Kazaa,
LimeWire, eDonkey, etc. and try to block those, but there will still be
p2p traffic going on. Instead of completely blocking, you might want to
look into the traffic shaper.
Sven