> On Wednesday, November 15, 2000 11:47 -0600, "Neulinger, Nathan R."
> <[EMAIL PROTECTED]> wrote:
> +-----
> | One of the ports, either the src or destination, will always be in the
> | 7000-7009 range I believe.
> +--->8
>
> In practice this is 7000-7003 UDP on client machines, so it is sufficient
> to pass UDP traffic destined to ports 7000-7003 sent by clients and block
> everything else. (Although you may also want to pass ports 750 or 88 and
> 123 if you use Kerberos or NTP instead of relying on AFS for either.)
Since Brandon's example assumes you're passing kaserver traffic that should
read 7000-7004 instead of 7000-7003; kaserver listens on 7004.
-D
