How do I filter HTTP on other ports? There are five steps necessary to enable filtering on other ports:
- Create a service for the ports in question (e.g. http8000).
- Add a rule with a resource to your rulebase using the new service.
- Install the security policy
- Reconfigure fwauthd.conf on the firewall module
- Bounce the firewall
Creating the services is straightforward. Create a new service of type TCP. Set the Protocol Type to URI (4.1 and before) or HTTP (NG) and the port as necessary (e.g. port 8000). If you do an "add with resource" in the services section of a rule, you will be able to associate a resource with the new service you created (e.g. http8000). If you do filtering with "wildcard" resources, you will need to enter the "host" part of the url as "host:port". For example, to match "all", instead of entering "*", you would need to type it as "*:*". If you don't do this, your resource will fail.
To reconfigure $FWDIR/conf/fwauthd.conf on the firewall module, you will need to add a line to this file for each "unusual" port you wish to filter on. For port 8000, for instance, on an NG firewall, the line would read: 8000 fwssd in.ahttpd wait 0In FireWall-1 4.1 and earlier:
8000 in.ahttpd wait 0Re-install the security policy and bounce the firewall (cprestart in NG, fwstop; fwstart in 4.1 and earlier).
--
PhoneBoy - 31 Dec 2003
FAQForm FAQs.Class:
ContentSecurityFAQs OperatingSystem?: FAQs.Version:
How do I filter HTTP on other ports? 
2005-08-13 
How do I filter HTTP on other ports? 
Linear Mode
