No more "match on source port"?

lithium381 · 12-30-2011, 12:10 AM

In the examples I see online you can block by

destination port
destination address
destination interface
source port
source address
source interface
Protocol

In the 9.1.1 i just installed there is no option for source port...... or am I simply blind?

WebFooL · 12-30-2011, 01:01 AM

Hi Lithium381,

The Source port option was removed with 9.1.
To manny support calls/threads where ppl using src port 80 and dest port 80.

But if you wan't there is a "hack" to enable it.
Open a terminal/ssh and run

Quote:

sed -i 's/visible: false/visible: true/' /usr/share/untangle/web/webui/script/untangle-node-firewall/settings.js

You can also mannualy edit the file with nano and just search for the source port field and chang it from false to visible.

lithium381 · 12-30-2011, 02:15 PM

I'm trying to play around with blocking ports for the sake of disrupting bittorrent, at least those who don't use port 80 and 443 . .

dmorris · 12-30-2011, 02:19 PM

Quote:

Originally Posted by lithium381

I'm trying to play around with blocking ports for the sake of disrupting bittorrent, at least those who don't use port 80 and 443 . .

Which is exactly why source port was removed. Because it won't help you do this. In fact, it will guarantee your rules wont do this because they won't ever match.

Mathiau · 12-30-2011, 02:21 PM

block all and only let through ports that are needed?

21,25,80,8080,53,110,143,443,993,995,467,587

Why not just tell the people using bittorrent to stop?

lithium381 · 12-30-2011, 04:26 PM

Quote:

Originally Posted by Mathiau

block all and only let through ports that are needed?

21,25,80,8080,53,110,143,443,993,995,467,587

Why not just tell the people using bittorrent to stop?

i'm looking into this as a solution for a friend who wants to offer guest wifi in his restaurant. obviously the captive portal will say "you're not allowed to do this" but I can't just sit there and look over peoples shoulders all day long and say "hey, no bittorrent!" among other things....

in theory there should be no incomming connections. i just expect people to check e-mail and surf facebook for the most-part... but also don't want to restrict access to someone like myself who would be using it and needing to SSH back to another server quickly to check something...

Mathiau · 01-02-2012, 09:36 AM

i would def do a block all then and only let out basic ports, most people dont know any better to change the ports for torrent clients anyways.

you could consider Bandwidth control and giving people quota's which you then severly throttle their speeds if they meet said quota.

do something like 50Mb since it is for a cafe.

12-30-2011, 12:10 AM	#1 (permalink)
lithium381 Newbie Join Date: Dec 2011 Posts: 6	No more "match on source port"? In the examples I see online you can block by destination port destination address destination interface source port source address source interface Protocol In the 9.1.1 i just installed there is no option for source port...... or am I simply blind?

12-30-2011, 02:21 PM	#5 (permalink)
Mathiau Join Date: Feb 2008 Location: Costa Frickn' Rica Posts: 1,467	block all and only let through ports that are needed? 21,25,80,8080,53,110,143,443,993,995,467,587 Why not just tell the people using bittorrent to stop? __________________ Def1:Started:UT 7.1 x64 -- Current :UT 9.1 x64\| Gigabyte GM-G31 mATX \| Intel Q8200 \| 8G DDR2 800 \| 80G WD \| 4x Intel Pro 1000 GT NIC's \| Corsair 550W PSU \| Norco RPC-250 2U Case \| 50mb/50mb \| 10 users

01-02-2012, 09:36 AM	#7 (permalink)
Mathiau Join Date: Feb 2008 Location: Costa Frickn' Rica Posts: 1,467	i would def do a block all then and only let out basic ports, most people dont know any better to change the ports for torrent clients anyways. you could consider Bandwidth control and giving people quota's which you then severly throttle their speeds if they meet said quota. do something like 50Mb since it is for a cafe. __________________ Def1:Started:UT 7.1 x64 -- Current :UT 9.1 x64\| Gigabyte GM-G31 mATX \| Intel Q8200 \| 8G DDR2 800 \| 80G WD \| 4x Intel Pro 1000 GT NIC's \| Corsair 550W PSU \| Norco RPC-250 2U Case \| 50mb/50mb \| 10 users

Protect

Filter

Perform

Connect

Manage

Add-Ons

12-30-2011, 02:15 PM	#3 (permalink)
lithium381 Newbie Join Date: Dec 2011 Posts: 6	I'm trying to play around with blocking ports for the sake of disrupting bittorrent, at least those who don't use port 80 and 443 . .