[Mldonkey-users] firewalling and the different filesharing networks


From: Marc MERLIN
Subject: [Mldonkey-users] firewalling and the different filesharing networks
Date: Sun, 6 Apr 2003 12:16:44 -0700
User-agent: Mutt/1.4i

So, I'm connected to all the networks mldonkey supports, I think:
http://marc.merlins.org/tmp/mldonkey.png

All my servers are firewalled, so I tried to write a list of iptables rules
that allow all the networks through.
I already allow any TCP or UDP traffic that is a response to a packet I
sent, and I then added the following rules.
I'm not sure I have anything to allow DC to work. I also know that I'm
rejecting many random TCP packets from and to random TCP ports. It
could be DC, it could be something else. I'm kind of curious to know
which protocol I'm blocking here.

Either way, here are my current firewalling rules. I hope they can be
useful to people, and I'd welcome corrections and additions.

# Edonkey
$IPTABLES -A $IF -p tcp --dport 4661 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 4662 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 4664 -j ACCEPT
$IPTABLES -A $IF -p udp --dport 4665 -j ACCEPT
$IPTABLES -A $IF -p udp --dport 4668 -j ACCEPT
$IPTABLES -A $IF -p udp --dport 4672 -j ACCEPT
# needed apparently, don't ask why...
$IPTABLES -A $IF -p tcp --sport 4662 --dport 1024: -j ACCEPT
# Edonkey remote admin
$IPTABLES -A $IF -p tcp -s xxxx --dport 4663 -j ACCEPT
# overnet
$IPTABLES -A $IF -p udp --dport 13349 -j ACCEPT
# Oops, I didn't realize until later that tcp was needed too. Maybe this
# prevented overnet from working before (see my previous post)
$IPTABLES -A $IF -p tcp --dport 13349 -j ACCEPT
# Gnutella
$IPTABLES -A $IF -p tcp --dport 6346 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 6347 -j ACCEPT
$IPTABLES -A $IF -p udp --dport 6346 -j ACCEPT
$IPTABLES -A $IF -p udp --dport 6347 -j ACCEPT
# napster
$IPTABLES -A $IF -p tcp --dport 8875 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 4444 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 5555 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 6666 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 7777 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 8888 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 6600:6699 -j ACCEPT
# Kazaa
$IPTABLES -A $IF -p tcp --dport 1214 -j ACCEPT
# Soulseek
$IPTABLES -A $IF -p tcp --dport 2234 -j ACCEPT
# Unknown FS ?
#$IPTABLES -A $IF -p tcp --dport 35000:37000 -j ACCEPT

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger address@hidden for PGP key
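
The rule list above can be checked mechanically before it is loaded. The following is an added example, not part of the original post: it flags ACCEPT rules that trust the remote source port (which the sender chooses) and counts how many destination ports each protocol exposes to any source address. The function names are this example's own, and the rule lines are a subset copied from the message.

```shell
#!/bin/sh
# Rule lines: a subset copied from the post ("xxxx" is the post's own redaction).
rules() {
cat <<'EOF'
$IPTABLES -A $IF -p tcp --dport 4662 -j ACCEPT
$IPTABLES -A $IF -p udp --dport 4672 -j ACCEPT
$IPTABLES -A $IF -p tcp --sport 4662 --dport 1024: -j ACCEPT
$IPTABLES -A $IF -p tcp -s xxxx --dport 4663 -j ACCEPT
$IPTABLES -A $IF -p tcp --dport 6600:6699 -j ACCEPT
#$IPTABLES -A $IF -p tcp --dport 35000:37000 -j ACCEPT
EOF
}

# Print ACCEPT rules that match on the remote source port and are not limited
# by source address (-s) or connection state. The sender picks its own source
# port, so such a rule exposes every destination port it names.
sport_trust_rules() {
    grep -v '^[[:space:]]*#' |
    grep -e '-j ACCEPT' |
    grep -e '--sport ' |
    grep -v -e ' -s ' -e '--state ' -e '--ctstate '
}

# Count destination ports of one protocol (tcp|udp) that ACCEPT rules open to
# any source address. Ranges lo:hi are expanded; an open-ended "lo:" runs to
# 65535. A --sport match is not treated as a restriction (see above).
open_port_count() {
    grep -v '^[[:space:]]*#' | awk -v proto="$1" '
        /-j ACCEPT/ && !/ -s / {
            p = ""; d = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") p = $(i+1)
                if ($i == "--dport") d = $(i+1)
            }
            if (p != proto || d == "") next
            n = split(d, r, ":")
            lo = r[1] + 0
            hi = (n == 1) ? lo : (r[2] == "" ? 65535 : r[2] + 0)
            for (port = lo; port <= hi; port++) seen[port] = 1
        }
        END { c = 0; for (k in seen) c++; print c }'
}

rules | sport_trust_rules
echo "tcp ports open to any source: $(rules | open_port_count tcp)"
```

On this subset the single `--sport 4662 --dport 1024:` line accounts for almost the entire TCP exposure, which the stateful "response to a packet I sent" rule already covers for genuine replies.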



