Your best bet is to block all traffic and then build a small "allow" list. This will perform MOST of what you are trying to accomplish. Start with ALLOW 80 LAN WAN and go from there.
If you start with the SonicWALL default config, for example, you will be blocking ports all day long as kids figure out that they can ftp on port 1234, telnet on port 9876, IRC on port 9999, etc. Block them all, and start to build a small access list. Here is an abbreviated one I built on:

Action  Service              Source  Dest
Allow   Web (HTTP)           LAN     *
Allow   Name Service (DNS)   LAN     *
Allow   Kerberos             LAN     *
Allow   RTSP-Quicktime       LAN     *
Allow   WindowsMediaPlayer   LAN     *
Allow   RealAudio            LAN     *
Allow   Ping                 LAN     *
Allow   whois                LAN     *
Allow   HTTPS                LAN     *
Deny    Default              LAN     *

Then you build on this access list for your mail server, ftp server, etc. Clients by default cannot smtp, ssh, telnet, ftp, Pop3, etc. "Do that crap at home, not on my LAN."

One of the only things you have to worry about is those apps "smart" enough to adapt to find open ports (like messenger). In that case go to Google, search for "block messenger firewall" and apply the theory that you think will suit you. (I have the benefit of employing an IDS system that has signatures for messenger clients. It emails me, and I lart the luser.)

HTH

Paul

-----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 20, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: [SonicWALL]- Gaming Center

One of our "clients" is now a computer gaming center. (I am sooooo thrilled.)

I need to decide on a firewall for this center. It will have to have the ability to block the various junk kids like to use, like Kazaa, AOL messenger, and such to keep the bandwidth down.

Does anyone have a list or example of rules for this? I am dreading having to find all the programs and ports and such and build the rules from scratch.

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

---
[This E-mail scanned for viruses by Declude/F-Prot AV]

=================================
To unsubscribe, send email to [EMAIL PROTECTED]
In the body of the email put the following: unsubscribe sonicwall your_name
The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
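An added example, not part of the original thread and not SonicWALL configuration syntax: a small first-match rule evaluator in Python that contrasts a subset of the default-deny allow list from the reply with a default-allow block list, using the relocated services the reply mentions. The port numbers, the BLOCK_LIST and the sample flows are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    service: str
    proto: Optional[str]   # None matches any protocol
    port: Optional[int]    # None matches any destination port

# Subset of the allow list in the reply; ports are assumed well-known defaults.
ALLOW_LIST = [
    Rule("allow", "Web (HTTP)", "tcp", 80),
    Rule("allow", "Name Service (DNS)", "udp", 53),
    Rule("allow", "Name Service (DNS)", "tcp", 53),
    Rule("allow", "Kerberos", "tcp", 88),
    Rule("allow", "whois", "tcp", 43),
    Rule("allow", "HTTPS", "tcp", 443),
    Rule("deny", "Default", None, None),
]

# Constructed contrast: deny the usual ports, allow everything else.
BLOCK_LIST = [
    Rule("deny", "FTP", "tcp", 21),
    Rule("deny", "Telnet", "tcp", 23),
    Rule("deny", "IRC", "tcp", 6667),
    Rule("allow", "Default", None, None),
]

def evaluate(rules, proto, port):
    """Return (action, service) of the first rule matching a LAN -> * flow."""
    for r in rules:
        if r.proto in (None, proto) and r.port in (None, port):
            return r.action, r.service
    return "deny", "implicit"

# Constructed flows: services moved to the odd ports named in the reply,
# plus a chat client that falls back to an allowed port.
FLOWS = {
    "ftp on 1234": ("tcp", 1234),
    "telnet on 9876": ("tcp", 9876),
    "irc on 9999": ("tcp", 9999),
    "messenger over 80": ("tcp", 80),
}

def compare():
    """Map each flow to (block-list verdict, allow-list verdict)."""
    return {name: (evaluate(BLOCK_LIST, *f)[0], evaluate(ALLOW_LIST, *f)[0])
            for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (blocked, allowed) in compare().items():
        print(f"{name:18} block-list={blocked:5} allow-list={allowed}")
```

The last flow passes both lists, which is the case the reply hands to IDS signatures: a port-based allow list cannot tell a chat client on port 80 from web browsing.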
