You have set it to deny TCP.  If you will notice from my earlier post, AIM 
uses TCP and UDP.  So, you need to make sure to set it to block all 
protocols to those class C's.  Take a look at Brad's post again.

-John


At 02:46 PM 7/12/00 +0200, you wrote:
>--------------------- Attention -----------------------------
>Online GNAT Box User Forum is Now Open
>Click the Register link and sign up today
>http://www.gnatbox.com/cgi-bin/Ultimate.cgi
>-------------------------------------------------------------
>Send postings to: [EMAIL PROTECTED]
>Access the list archives at: http://www.gnatbox.com/gb-users/
>-------------------------------------------------------------
>right this is what I have in my Outbound and Remote Access filters..
>
>And it is still getting through...
>
>Should I restart the Gnat box?
>
>Dieter
>
>FILTERS
>   OUTBOUND
>      1 #AOL Block
>        Deny   ANY TCP
>           from 10.1.1.200/255.255.255.0
>             to "ANY_IP" 5190
>
>      2 #AOL Block 2
>        Deny   ANY TCP
>           from "ANY_IP" 5190
>             to "ANY_IP"
>
>      3 #AOL Block
>        Deny   ANY TCP
>           from "ANY_IP"
>             to "ANY_IP" 5190
>
>      4 #Controlled Access
>        Accept "PROTECTED" TCP
>           from "ANY_IP"
>             to "ANY_IP" 25 77 53 80 110 443 8888
>
>      5 #Allow ping and traceroute
>        Accept "PROTECTED" ICMP
>           from "ANY_IP"
>             to "ANY_IP"
>
>      6 #Allow DNS
>        Accept "PROTECTED" UDP
>           from "ANY_IP"
>             to "ANY_IP" 53
>
>      7 #Deny Netbios Connections
>        Deny   "PROTECTED" TCP  nolog
>           from "ANY_IP"
>             to "ANY_IP" 135:139
>
>      8 #Deny Netbios Connections
>        Deny   "PROTECTED" UDP  nolog
>           from "ANY_IP"
>             to "ANY_IP" 135:139
>
>      9 #Deny the remaining open ports
>        Deny   "PROTECTED" ALL  email
>           from "ANY_IP"
>             to "ANY_IP"
>
>     10 #Full Access
>        DISABLED - Accept "PROTECTED" ALL
>           from "ANY_IP"
>             to "ANY_IP"
>
>   REMOTE ACCESS
>      1 #Allow web
>        Accept ANY TCP
>           from "ANY_IP"
>             to "ANY_IP" 25 80 110 1521 443
>
>      2 #DNS
>        Accept ANY UDP
>           from "ANY_IP"
>             to "ANY_IP" 53
>
>      3 #Block Netbios connections to the Firewall
>        Deny   "PROTECTED" UDP  nolog
>           from "ANY_IP"
>             to "ANY_IP" 135:139
>
>      4 #Block Netbios connections to the Firewall
>        Deny   "PROTECTED" TCP  nolog
>           from "ANY_IP"
>             to "ANY_IP" 135:139
>
>      5 #Allow ping and traceroute
>        Accept ANY ICMP
>           from "ANY_IP"
>             to "ANY_IP"
>
>      6 #Allow protected network access to WWW remote admin server.
>        Accept "PROTECTED" TCP
>           from 10.1.1.214/255.255.255.0
>             to 10.1.1.1/255.255.255.255 8888
>
>      7 #Allow protected network access to RMC remote admin server.
>        Accept "PROTECTED" TCP
>           from 10.1.1.214/255.255.255.0
>             to 10.1.1.1/255.255.255.255 77
>
>      8 #Deny Open Ports
>        Deny   ANY ALL
>           from "ANY_IP"
>             to "ANY_IP"
>
>
>-----Original Message-----
>From: Michael W. Burden [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, July 12, 2000 2:34 PM
>To: Dieter Lubbe; 'GNATBOX-Users (E-mail)'
>Subject: RE: Blocking AOL
>
>
>Ok, I'll take one last shot at this, and then I'm
>out of ideas...
>
>After you created the filter, did you move it ahead
>of any other filters that might allow the connection?
>
>Mike Burden
>Lynk Systems
>(616)532-4985
>[EMAIL PROTECTED]
>
>
> > -----Original Message-----
> > From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 12, 2000 8:33 AM
> > To: 'Michael W. Burden'; 'GNATBOX-Users (E-mail)'
> > Subject: RE: Blocking AOL
> >
> >
> > Yes I did....
> >
> > The connection is still going.
> >
> > Dieter
> >
> > -----Original Message-----
> > From: Michael W. Burden [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 12, 2000 2:29 PM
> > To: Dieter Lubbe; GNATBOX-Users (E-mail)
> > Subject: RE: Blocking AOL
> >
> >
> > Did you add the outbound filter that blocks all traffic
> > on any port to the  205.188.153.0/255.255.255.0  subnet
> > (as Brad Plank suggested)?
> >
> > Mike Burden
> > Lynk Systems
> > (616)532-4985
> > [EMAIL PROTECTED]
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Dieter Lubbe
> > > Sent: Wednesday, July 12, 2000 4:26 AM
> > > To: 'Al Grenley'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > > Subject: RE: Blocking AOL
> > >
> > >
> > > I have installed outbound filters as suggested, but the sucker is still
> > > slipping through.....
> > >
> > > The other method I have tried is as follows,
> > >
> > > I have set the outbound filters to only allow 21 22 23 25 80 110 and 443.
> > >
> > > But I still see the AOL connection....
> > >
> > > What am I doing wrong?
> > >
> > > As far as I can tell the connection is inbound from 205.188.2.178/5190 to
> > > one of my local machines.
> > > Setting up a remote access filter didn't help either.
> > >
> > > --> TCP        10.1.1.200/1056  209.212.103.210/10065  205.188.2.178/5190  00:00:23
> > >
> > > Any other suggestions?
> > >
> > > Dieter
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Al Grenley
> > > Sent: Tuesday, July 11, 2000 6:26 PM
> > > To: 'Dieter Lubbe'; 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > > Subject: RE: Blocking AOL
> > >
> > >
> > > Try this
> > >
> > > Create and Save Out Bound filters for the following:
> > >
> > >   Block ports 5190  ALL TCP
> > >
> > > AOL Instant Messenger jumps all over different ports so I think chasing that
> > > is hopeless.
> > > Try blocking the servers that AIM uses for LOGIN.
> > >
> > > Block ANY ALL for address 152.163.242.24
> > > Block ANY ALL for address 152.163.242.28
> > > Block ANY ALL for address 152.163.242.120
> > > Block ANY ALL for address 152.163.242.128
> > > (there may be others)
> > >
> > > Good luck al.....
> > >
> > > -----Original Message-----
> > > From: Dieter Lubbe [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, July 11, 2000 11:00 AM
> > > To: 'Michael W. Burden'; GNATBOX-Users (E-mail)
> > > Subject: Blocking AOL
> > >
> > >
> > > Thanks for all the help.
> > >
> > > One last question.
> > >
> > > I've got a user accessing AOL, on 5190.
> > > I have been told to block all AOL access, but no matter what filter I setup,
> > > the connection keeps going.
> > >
> > > Thanks for all the help!
> > >
> > > Dieter
> > >
> > > This is the extract from the "Current Connections"
> > >
> > >
> > > --> TCP        10.1.1.200/1029  209.212.103.210/10147  205.188.2.185/5190
> > >
> > > ----------------------------------------------
> > > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > > with "unsubscribe gb-users your_email_address
> > > in the body of the message
>



Global Technology Associates, Inc.
3505 Lake Lynda Drive
Suite 109
Orlando, FL 32817 USA
Tel: +1.407.380.0220  x105
Fax: +1.407.380.6080

http://www.gnatbox.com
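
The filter-ordering and port-versus-subnet points raised in this thread, as an added example (not code from any poster or from GTA). It assumes filters are evaluated top-down with the first match winning, ignores interface and source matching (so filter 2, which matches on source port, is left out), and uses 205.188.153.10 as a constructed address inside the subnet named in the thread.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
AIM_NET = ipaddress.ip_network("205.188.153.0/24")  # subnet named in the thread

# Simplified OUTBOUND filters from the quoted listing:
# (label, action, protocol, destination network, destination ports or None = any)
OUTBOUND = [
    (1, "deny", "TCP", ANY, {5190}),
    (3, "deny", "TCP", ANY, {5190}),
    (4, "accept", "TCP", ANY, {25, 77, 53, 80, 110, 443, 8888}),
    (5, "accept", "ICMP", ANY, None),
    (6, "accept", "UDP", ANY, {53}),
    (7, "deny", "TCP", ANY, set(range(135, 140))),
    (8, "deny", "UDP", ANY, set(range(135, 140))),
    (9, "deny", "ALL", ANY, None),
]
# Hypothetical "block every protocol to the subnet" filter, labelled aim-net.
SUBNET_BLOCK = ("aim-net", "deny", "ALL", AIM_NET, None)


def evaluate(rules, proto, dst_ip, dst_port=None):
    """Return (label, action) of the first filter that matches the flow."""
    dst = ipaddress.ip_address(dst_ip)
    for label, action, rule_proto, net, ports in rules:
        if rule_proto not in ("ALL", proto):
            continue
        if dst not in net:
            continue
        if ports is not None and dst_port not in ports:
            continue
        return label, action
    return None, "deny"  # assumed implicit deny when nothing matches


def compare(proto, dst_ip, dst_port):
    """Verdicts for one flow under three orderings of the filter list."""
    return {
        "original": evaluate(OUTBOUND, proto, dst_ip, dst_port),
        "subnet_first": evaluate([SUBNET_BLOCK] + OUTBOUND, proto, dst_ip, dst_port),
        "subnet_last": evaluate(OUTBOUND + [SUBNET_BLOCK], proto, dst_ip, dst_port),
    }


if __name__ == "__main__":
    for flow in [("TCP", "205.188.2.178", 5190),   # address from the connection listing
                 ("TCP", "205.188.153.10", 80),    # constructed: client falls back to port 80
                 ("TCP", "205.188.2.178", 80)]:    # outside the /24 named in the thread
        print(flow, compare(*flow))
```

A subnet block placed after the accept filter never fires, and a block for 205.188.153.0/24 does not cover the 205.188.2.x addresses seen in the connection listing.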





