04-08-2007 09:36 PM - edited 03-11-2019 02:57 AM
Hi guys,
How do I block P2P apps at the firewall? Blocking based on ports doesn't really work, right?
Thanks much,
py
04-08-2007 10:49 PM
Hi Paul,
Create an access-list and apply the access-group on outside interface.
I have configured the same, and the internet utilization has come down drastically. It worked fine for me.
Below is the list.
deny tcp any any eq 1214
deny udp any any eq 1214
deny tcp any any range 4661 4672
deny udp any any range 4661 4672
deny tcp any any eq 6257
deny udp any any eq 6257
deny tcp any any eq 6699
deny udp any any eq 6699
deny tcp any any eq 6969
deny udp any any eq 6969
deny tcp any any eq 6346
deny udp any any eq 6346
deny tcp any any eq 6347
deny udp any any eq 6347
deny tcp any any eq 554
deny udp any any eq 554
deny tcp any any range 6881 6999
deny udp any any range 6881 6999
deny tcp any any eq 411
deny udp any any eq 411
deny tcp any any eq 2710
deny udp any any eq 2710
deny tcp any any eq 7000
deny udp any any eq 7000
deny tcp any any eq 6700
deny udp any any eq 6700
deny tcp any any eq 6701
deny udp any any eq 6701
deny tcp any any eq 4329
deny udp any any eq 4329
deny tcp any any eq 1755
deny udp any any eq 1755
Please rate if it does!
Chandru
04-08-2007 11:00 PM
Hi Chandru,
You are really helpful, thank you so much for that.
I learned that when this P2P software learns that its port is blocked, it will shift to dynamic ports. Are they within the list of ports defined by your access-list?
Thank you,
py
04-08-2007 11:27 PM
Hi Paul,
Most of the P2P ports are well within the range defined above. But some of the ports are dynamic, and in my experience you will not be able to block it 100%.
04-10-2007 12:06 AM
Hi Madru,
Thanks for that. I guess so; BitTorrent seems to be able to get through.
Thanks again,
py
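One way to check how far a port-based list like the one in this thread reaches, as an added example that is not from any of the posters: it parses a subset of the posted entries and reports which flows fall outside every listed port. The flow samples and the function names are assumptions made for illustration.

```python
import re

# Entries copied from the access-list posted in this thread (a subset).
ACL_TEXT = """\
deny tcp any any eq 1214
deny udp any any eq 1214
deny tcp any any range 4661 4672
deny udp any any range 4661 4672
deny tcp any any range 6881 6999
deny udp any any range 6881 6999
"""

ENTRY = re.compile(
    r"^(permit|deny)\s+(tcp|udp)\s+any\s+any\s+(?:eq\s+(\d+)|range\s+(\d+)\s+(\d+))$")

def parse_acl(text):
    """Parse 'deny tcp any any eq N' / 'range A B' lines into ordered rules."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, eq, lo, hi = m.groups()
        low, high = (int(eq), int(eq)) if eq else (int(lo), int(hi))
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {line!r}")
        rules.append((action, proto, low, high))
    return rules

def evaluate(rules, proto, dst_port):
    """First matching entry wins. 'no-match' means none of the listed entries
    applies; what happens next depends on the rest of the ACL (not shown)."""
    for action, rule_proto, low, high in rules:
        if proto == rule_proto and low <= dst_port <= high:
            return action
    return "no-match"

def unmatched(rules, flows):
    """Flows that no listed entry covers, e.g. peers on dynamic ports."""
    return [f for f in flows if evaluate(rules, *f) == "no-match"]

# Constructed (protocol, destination port) samples, not captured traffic.
FLOWS = [("tcp", 6881), ("udp", 4665), ("tcp", 40123), ("udp", 52817), ("tcp", 1214)]

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    for proto, port in FLOWS:
        print(f"{proto}/{port}: {evaluate(rules, proto, port)}")
    print("not covered by the list:", unmatched(rules, FLOWS))
```

Feeding it destination ports exported from the firewall's own connection logs shows how much traffic the listed ports actually cover.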