blocking port over LAN

sean · 01-21-2002, 11:04 PM

so, say i want to block a certain port (e.g., 3245). to do this, i type, "sudo ipfw add 0 deny udp from any to any 3245" in the terminal. the problem is that i have to do this each time i start up. i have tried brickhouse or something like that and lost complete internet connection -- in other words, that wasn't a viable option for this user.

i tried blocking this port on my linksys router, but it doesn't seem to apply it from computer to computer in the LAN. is there such a thing as an applescript being placed in the login list of programs to start up automatically or will i have to type this in the terminal each time? any other potential solutions?

cram · 01-22-2002, 05:22 AM

You should give another try to BrickHouse (or another ipfw front-end). It does exactly what you want to do... and if you want to install only your rule, it's also possible to remove all the default rules.

By the way, there is no reason to lose all connectivity with those default rules : the "only" thing they do is prevent "from the outside" connection.

Novajo · 01-22-2002, 02:44 PM

Regarding ipfw: it can block both incoming and outgoing connections if you want it to. When you set up a rule, you can apply it to incoming packets with "in"

/sbin/ipfw add allow ip from any to any in via en0

or outgoing packets with "out":

/sbin/ipfw add allow ip from any to any out via en0

A bit more details here.

1701E · 01-22-2002, 07:42 PM

This website had a nice article on configuring ipfw to start on boot, and hence negate the issue of having to retype your block on the port every time. Perhaps you'll find it useful.

http://wopr.norad.org/articles/firewall/

I should note that the part that will interest you is about 4 clicks into the article on http://wopr.norad.org/articles/firewall/booting.html

If you havn't read this article I'd really recommend it.

sean · 01-23-2002, 08:35 PM

thanx guys...just what i needed.

sean · 01-25-2002, 12:21 AM

hmmm. can someone look at my link and see if you see my problem? TIA.
Click here please

diamondblast · 01-02-2009, 01:38 PM

thanks a lot i also didn't manage with blocking some ports;
this was a very usefull link

01-21-2002, 11:04 PM	#1
sean Prospect Join Date: Jan 2002 Posts: 9	blocking port over LAN so, say i want to block a certain port (e.g., 3245). to do this, i type, "sudo ipfw add 0 deny udp from any to any 3245" in the terminal. the problem is that i have to do this each time i start up. i have tried brickhouse or something like that and lost complete internet connection -- in other words, that wasn't a viable option for this user. i tried blocking this port on my linksys router, but it doesn't seem to apply it from computer to computer in the LAN. is there such a thing as an applescript being placed in the login list of programs to start up automatically or will i have to type this in the terminal each time? any other potential solutions? __________________ -sean

01-22-2002, 05:22 AM	#2
cram Prospect Join Date: Jan 2002 Location: Paris, France Posts: 2	Why not BrickHouse ? You should give another try to BrickHouse (or another ipfw front-end). It does exactly what you want to do... and if you want to install only your rule, it's also possible to remove all the default rules. By the way, there is no reason to lose all connectivity with those default rules : the "only" thing they do is prevent "from the outside" connection.

01-22-2002, 02:44 PM	#3
Novajo Triple-A Player Join Date: Jan 2002 Location: Toronto, Canada Posts: 185	ipfw blocking both incoming and outgoing connections Regarding ipfw: it can block both incoming and outgoing connections if you want it to. When you set up a rule, you can apply it to incoming packets with "in" /sbin/ipfw add allow ip from any to any in via en0 or outgoing packets with "out": /sbin/ipfw add allow ip from any to any out via en0 A bit more details here.

01-22-2002, 07:42 PM	#4
1701E Prospect Join Date: Jan 2002 Posts: 5	This website had a nice article on configuring ipfw to start on boot, and hence negate the issue of having to retype your block on the port every time. Perhaps you'll find it useful. http://wopr.norad.org/articles/firewall/ I should note that the part that will interest you is about 4 clicks into the article on http://wopr.norad.org/articles/firewall/booting.html If you havn't read this article I'd really recommend it. __________________ -Joseph Last edited by 1701E; 01-22-2002 at 07:44 PM.

01-23-2002, 08:35 PM	#5
sean Prospect Join Date: Jan 2002 Posts: 9	thanx guys...just what i needed. __________________ -sean

01-25-2002, 12:21 AM	#6
sean Prospect Join Date: Jan 2002 Posts: 9	hmmm. can someone look at my link and see if you see my problem? TIA. Click here please __________________ -sean

01-02-2009, 01:38 PM	#7
diamondblast Prospect Join Date: Sep 2008 Posts: 5	thanks a lot i also didn't manage with blocking some ports; this was a very usefull link

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: