From: "Sven Brill" <madde at gmx dot net>

> Sebastian Davie wrote:
>> Source Port range=FTP/FTP
>>
>> Destination=Any
>>
>> Destination port range=FTP/FTP
> set the source port to any instead of FTP. The client uses a (semi) random
> high port, like in most other protocols. Just note that this only blocks
> connections to FTP sites outside the LAN. You mentioned you have trouble
> with "file sharing" - if you mean peer-to-peer file sharing, you have
> other problems, as those rarely go to destination port 21. There are
> default ports for most p2p protocols, but no guarantee that everyone uses
> them. You can look up the standard ports for bittorrent, kazaa, limewire,
> edonkey, etc. and try to block those, but there will still be p2p traffic
> going on. Instead of completely blocking, you might want to look into the
> traffic shaper.

What he said. :-) The p2p programs are designed to get around firewalls. You will need bandwidth limiting to get around that.

Lee
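The rule behaviour discussed in this thread, as an added example that is not part of the original messages: a small first-match rule evaluator run over constructed flows, showing why the posted rule never matches an FTP client and why a port list still lets relocated p2p traffic through. The first-match semantics, the default-pass policy for LAN traffic, the sample ports, and the 6881-6889 BitTorrent default range are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = (0, 65535)   # "any" port
FTP = (21, 21)     # FTP control port

@dataclass(frozen=True)
class Rule:
    action: str        # "block" or "pass"
    src_ports: tuple   # inclusive (low, high)
    dst_ports: tuple   # inclusive (low, high)

    def matches(self, src_port, dst_port):
        return (self.src_ports[0] <= src_port <= self.src_ports[1]
                and self.dst_ports[0] <= dst_port <= self.dst_ports[1])

def evaluate(rules, src_port, dst_port, default="pass"):
    """First matching rule wins; unmatched traffic gets the default action
    (assumed here: LAN traffic is passed unless a rule blocks it)."""
    for rule in rules:
        if rule.matches(src_port, dst_port):
            return rule.action
    return default

# Constructed sample flows from LAN clients: (label, source port, destination port)
FLOWS = [
    ("ftp control, client on ephemeral port", 49832, 21),
    ("p2p on a protocol default port", 51044, 6881),
    ("p2p moved to a non-default port", 51045, 40123),
]

ORIGINAL = [Rule("block", FTP, FTP)]    # rule as first posted: source port = FTP
CORRECTED = [Rule("block", ANY, FTP)]   # source port set to any, as advised
# Corrected rule plus a block on one p2p default range (assumed: BitTorrent 6881-6889)
PORT_LIST = CORRECTED + [Rule("block", ANY, (6881, 6889))]

def verdicts(rules):
    """Map each sample flow's label to the action the rule set gives it."""
    return {label: evaluate(rules, s, d) for label, s, d in FLOWS}

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("corrected", CORRECTED),
                        ("port list", PORT_LIST)]:
        print(name, verdicts(rules))
```
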