Your filter 3 makes filter 1 redundant, and despite
what you said you don't have a filter to block any
access on any port to the 205.188.153.0 subnet.
Delete filter 1, and add a new filter:
#Block all access to AOL servers
Deny ANY ALL
from "ANY_IP"
to 205.188.153.0/255.255.255.0
Be sure to move this filter ahead of your existing
filter 4.
Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]
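
Added example (not part of the original message and not GNAT Box code): a small Python model of ordered filter evaluation, assuming the first matching filter decides, that keeps only outbound filters 1, 3, 4 and 9 from the quoted listing plus the new subnet filter. It checks that deleting filter 1 leaves the decisions unchanged and shows why the new filter has to sit ahead of filter 4. The host 205.188.153.10 and the 192.0.2.7 connections are constructed; interface names and source ports are not modelled.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")  # stands in for "ANY_IP"

# (name, action, protocol, source net, destination net, destination ports; None = all)
F1 = ("1 AOL Block", "Deny", "TCP",
      ip_network("10.1.1.200/255.255.255.0", strict=False), ANY, {5190})
F3 = ("3 AOL Block", "Deny", "TCP", ANY, ANY, {5190})
F4 = ("4 Controlled Access", "Accept", "TCP", ANY, ANY,
      {25, 77, 53, 80, 110, 443, 8888})
F9 = ("9 Deny the remaining open ports", "Deny", "ALL", ANY, ANY, None)
AOL = ("Block all access to AOL servers", "Deny", "ALL", ANY,
       ip_network("205.188.153.0/255.255.255.0"), None)


def first_match(filters, proto, src, dst, dport):
    """Return (name, action) of the first matching filter (assumed first-match-wins)."""
    for name, action, f_proto, f_src, f_dst, f_ports in filters:
        if f_proto not in ("ALL", proto):
            continue
        if ip_address(src) not in f_src or ip_address(dst) not in f_dst:
            continue
        if f_ports is not None and dport not in f_ports:
            continue
        return name, action
    return "(no filter matched)", "Deny"  # assumption: nothing matched means deny


def decisions(filters, connections):
    """Accept/Deny verdict for each (proto, src, dst, dport) connection."""
    return [first_match(filters, *conn)[1] for conn in connections]


CONNS = [
    ("TCP", "10.1.1.200", "205.188.2.178", 5190),  # from "Current Connections"
    ("TCP", "10.1.1.200", "205.188.153.10", 80),   # constructed host in the subnet
    ("TCP", "10.1.1.50", "192.0.2.7", 5190),       # constructed
    ("TCP", "10.1.1.50", "192.0.2.7", 443),        # constructed
]
ORIGINAL = [F1, F3, F4, F9]
WITHOUT_F1 = [F3, F4, F9]
AOL_BEFORE_4 = [F3, AOL, F4, F9]   # placement the reply asks for
AOL_AFTER_4 = [F3, F4, AOL, F9]    # same filter, placed too late

if __name__ == "__main__":
    print(decisions(ORIGINAL, CONNS) == decisions(WITHOUT_F1, CONNS))
    for order in (AOL_BEFORE_4, AOL_AFTER_4):
        print(first_match(order, *CONNS[1]))
```
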
> -----Original Message-----
> From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 8:47 AM
> To: 'Michael W. Burden'; GNATBOX-Users (E-mail)
> Subject: RE: Blocking AOL
>
>
> Right, this is what I have in my Outbound and Remote Access filters..
>
> And it is still getting through...
>
> Should I restart the Gnat box?
>
> Dieter
>
> FILTERS
> OUTBOUND
> 1 #AOL Block
> Deny ANY TCP
> from 10.1.1.200/255.255.255.0
> to "ANY_IP" 5190
>
> 2 #AOL Block 2
> Deny ANY TCP
> from "ANY_IP" 5190
> to "ANY_IP"
>
> 3 #AOL Block
> Deny ANY TCP
> from "ANY_IP"
> to "ANY_IP" 5190
>
> 4 #Controlled Access
> Accept "PROTECTED" TCP
> from "ANY_IP"
> to "ANY_IP" 25 77 53 80 110 443 8888
>
> 5 #Allow ping and traceroute
> Accept "PROTECTED" ICMP
> from "ANY_IP"
> to "ANY_IP"
>
> 6 #Allow DNS
> Accept "PROTECTED" UDP
> from "ANY_IP"
> to "ANY_IP" 53
>
> 7 #Deny Netbios Connections
> Deny "PROTECTED" TCP nolog
> from "ANY_IP"
> to "ANY_IP" 135:139
>
> 8 #Deny Netbios Connections
> Deny "PROTECTED" UDP nolog
> from "ANY_IP"
> to "ANY_IP" 135:139
>
> 9 #Deny the remaining open ports
> Deny "PROTECTED" ALL email
> from "ANY_IP"
> to "ANY_IP"
>
> 10 #Full Access
> DISABLED - Accept "PROTECTED" ALL
> from "ANY_IP"
> to "ANY_IP"
>
> REMOTE ACCESS
> 1 #Allow web
> Accept ANY TCP
> from "ANY_IP"
> to "ANY_IP" 25 80 110 1521 443
>
> 2 #DNS
> Accept ANY UDP
> from "ANY_IP"
> to "ANY_IP" 53
>
> 3 #Block Netbios connections to the Firewall
> Deny "PROTECTED" UDP nolog
> from "ANY_IP"
> to "ANY_IP" 135:139
>
> 4 #Block Netbios connections to the Firewall
> Deny "PROTECTED" TCP nolog
> from "ANY_IP"
> to "ANY_IP" 135:139
>
> 5 #Allow ping and traceroute
> Accept ANY ICMP
> from "ANY_IP"
> to "ANY_IP"
>
> 6 #Allow protected network access to WWW remote admin server.
> Accept "PROTECTED" TCP
> from 10.1.1.214/255.255.255.0
> to 10.1.1.1/255.255.255.255 8888
>
> 7 #Allow protected network access to RMC remote admin server.
> Accept "PROTECTED" TCP
> from 10.1.1.214/255.255.255.0
> to 10.1.1.1/255.255.255.255 77
>
> 8 #Deny Open Ports
> Deny ANY ALL
> from "ANY_IP"
> to "ANY_IP"
>
>
> -----Original Message-----
> From: Michael W. Burden [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 2:34 PM
> To: Dieter Lubbe; 'GNATBOX-Users (E-mail)'
> Subject: RE: Blocking AOL
>
>
> Ok, I'll take one last shot at this, and then I'm
> out of ideas...
>
> After you created the filter, did you move it ahead
> of any other filters that might allow the connection?
>
> Mike Burden
> Lynk Systems
> (616)532-4985
> [EMAIL PROTECTED]
>
>
> > -----Original Message-----
> > From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 12, 2000 8:33 AM
> > To: 'Michael W. Burden'; 'GNATBOX-Users (E-mail)'
> > Subject: RE: Blocking AOL
> >
> >
> > Yes I did....
> >
> > The connection is still going.
> >
> > Dieter
> >
> > -----Original Message-----
> > From: Michael W. Burden [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 12, 2000 2:29 PM
> > To: Dieter Lubbe; GNATBOX-Users (E-mail)
> > Subject: RE: Blocking AOL
> >
> >
> > Did you add the outbound filter that blocks all traffic
> > on any port to the 205.188.153.0/255.255.255.0 subnet
> > (as Brad Plank suggested)?
> >
> > Mike Burden
> > Lynk Systems
> > (616)532-4985
> > [EMAIL PROTECTED]
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dieter Lubbe
> > > Sent: Wednesday, July 12, 2000 4:26 AM
> > > To: 'Al Grenley'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > > Subject: RE: Blocking AOL
> > >
> > >
> > > --------------------- Attention -----------------------------
> > > Online GNAT Box User Forum is Now Open
> > > Click the Register link and sign up today
> > > http://www.gnatbox.com/cgi-bin/Ultimate.cgi
> > > -------------------------------------------------------------
> > > Send postings to: [EMAIL PROTECTED]
> > > Access the list archives at: http://www.gnatbox.com/gb-users/
> > > -------------------------------------------------------------
> > > I have installed outbound filters as suggested, but the sucker is still
> > > slipping through.....
> > >
> > > The other method I have tried is as follows,
> > >
> > > I have set the outbound filters to only allow 21 22 23 25 80 110 and 443.
> > >
> > > But I still see the AOL connection....
> > >
> > > What am I doing wrong?
> > >
> > > As far as I can tell the connection is inbound from 205.188.2.178/5190 to
> > > one of my local machines.
> > > Setting up a remote access filter didn't help either.
> > >
> > > --> TCP 10.1.1.200/1056 209.212.103.210/10065 205.188.2.178/5190 00:00:23
> > >
> > > Any other suggestions?
> > >
> > > Dieter
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Grenley
> > > Sent: Tuesday, July 11, 2000 6:26 PM
> > > To: 'Dieter Lubbe'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > > Subject: RE: Blocking AOL
> > >
> > >
> > > Try this
> > >
> > > Create and Save Out Bound filters for the following:
> > >
> > > Block ports 5190 ALL TCP
> > >
> > > AOL Instant Messenger jumps all over different ports so I think
> > > chasing that
> > > is hopeless.
> > > Try blocking the servers that AIM uses for LOGIN.
> > >
> > > Block ANY ALL for address 152.163.242.24
> > > Block ANY ALL for address 152.163.242.28
> > > Block ANY ALL for address 152.163.242.120
> > > Block ANY ALL for address 152.163.242.128
> > > (there may be others)
> > >
> > > Good luck al.....
> > >
> > > -----Original Message-----
> > > From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, July 11, 2000 11:00 AM
> > > To: 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > > Subject: Blocking AOL
> > >
> > >
> > > Thanks for all the help.
> > >
> > > One last question.
> > >
> > > I've got a user accessing AOL, on 5190.
> > > I have been told to block all AOL access, but no matter what filter I set up,
> > > the connection keeps going.
> > >
> > > Thanks for all the help!
> > >
> > > Dieter
> > >
> > > This is the extract from the "Current Connections"
> > >
> > >
> > > --> TCP 10.1.1.200/1029 209.212.103.210/10147 205.188.2.185/5190
> > >
> > > ----------------------------------------------
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe gb-users your_email_address
> > > in the body of the message
> > > ----------------------------------------------