blocking port over LAN


sean
01-21-2002, 11:04 PM
so, say i want to block a certain port (e.g., 3245). to do this, i type, "sudo ipfw add 0 deny udp from any to any 3245" in the terminal. the problem is that i have to do this each time i start up. i have tried brickhouse or something like that and lost complete internet connection -- in other words, that wasn't a viable option for this user.

i tried blocking this port on my linksys router, but it doesn't seem to apply it from computer to computer in the LAN. is there such a thing as an applescript being placed in the login list of programs to start up automatically or will i have to type this in the terminal each time? any other potential solutions?

cram
01-22-2002, 05:22 AM
You should give another try to BrickHouse (or another ipfw front-end). It does exactly what you want to do... and if you want to install only your rule, it's also possible to remove all the default rules.

By the way, there is no reason to lose all connectivity with those default rules: the "only" thing they do is prevent "from the outside" connections.

Novajo
01-22-2002, 02:44 PM
Regarding ipfw: it can block both incoming and outgoing connections if you want it to. When you set up a rule, you can apply it to incoming packets with "in":

/sbin/ipfw add allow ip from any to any in via en0

or outgoing packets with "out":

/sbin/ipfw add allow ip from any to any out via en0

A bit more detail here (http://www3.sympatico.ca/dccote/firewall.html).

1701E
01-22-2002, 07:42 PM
This website had a nice article on configuring ipfw to start on boot, and hence negate the issue of having to retype your block on the port every time. Perhaps you'll find it useful.

http://wopr.norad.org/articles/firewall/

I should note that the part that will interest you is about 4 clicks into the article on http://wopr.norad.org/articles/firewall/booting.html

If you haven't read this article I'd really recommend it.
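
Added example (not part of the original posts and not taken from the linked article): a script suitable for running at startup that applies the deny rule from this thread with a fixed rule number, so a re-run replaces the rule instead of stacking a duplicate. The rule number 2000 and the APPLY switch are assumptions; the port, protocol, `/sbin/ipfw` path and `in`/`out via en0` syntax come from the posts above.

```shell
#!/bin/sh
# Added example. Prints the ipfw commands by default; set APPLY=1 (as root) to run them.
IPFW="${IPFW:-/sbin/ipfw}"       # path as used in the thread
RULE_NUM="${RULE_NUM:-2000}"     # assumption: a rule number not used by other rules

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or more than 5 digits
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rule NUM PROTO PORT DIR IFACE: prints the arguments for one deny rule
build_rule() {
    num=$1; proto=$2; port=$3; dir=$4; iface=$5
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in udp|tcp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$dir" in in|out) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
    echo "add $num deny $proto from any to any $port $dir via $iface"
}

# apply_rule NUM PROTO PORT DIR IFACE: delete rule NUM if present, then add it,
# so running the script again replaces the rule instead of stacking a duplicate
apply_rule() {
    rule=$(build_rule "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        "$IPFW" delete "$1" 2>/dev/null || true   # fails harmlessly if NUM is absent
        "$IPFW" $rule                             # unquoted on purpose: split into words
    else
        echo "$IPFW delete $1"
        echo "$IPFW $rule"
    fi
}

# UDP port 3245 and en0 are the values from the posts above
apply_rule "$RULE_NUM" udp 3245 in en0
apply_rule "$((RULE_NUM + 1))" udp 3245 out en0
```

Run it once without APPLY set to review the commands it would issue, then check the result with the firewall's rule listing after applying.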

sean
01-23-2002, 08:35 PM
thanx guys...just what i needed.

sean
01-25-2002, 12:21 AM
hmmm. can someone look at my link and see if you see my problem? TIA.
Click here please (http://www2.gvsu.edu/~lancasts/firewall.html)

diamondblast
01-02-2009, 01:38 PM
thanks a lot i also didn't manage with blocking some ports;
this was a very useful link :)