Hi Leonardo,

the random ports are an ICQ user who tries to make a direct connection with an ICQ user behind your firewall. I think it's not advisable to allow direct connections, because you need a direct connection to exchange files. This could lead to uncontrolled file transfer from within and into your company, and this is a serious security hole.

Try something like this:

    iptables -N icq
    iptables -A icq -p tcp --dport 5190 -d login.icq.com -j ACCEPT
    iptables -A icq -p tcp --dport 5190 -s login.icq.com -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A icq -p tcp --dport 5190 -s icq.com ! --syn -i $I_EXTERN -j ACCEPT
    iptables -A FORWARD -j icq
    iptables -A INPUT -j icq

This enables your ICQ users to send and receive messages through the ICQ server. IMHO this is a solution with a calculated security risk.

Hope it helps you.

Sincerely,
Erik Pagel

--On Thursday, 16 May 2002 17:58 -0300 Leonardo Rodrigues Magalhães <[EMAIL PROTECTED]> wrote:

> Hello Guys,
>
> I've set up an iptables firewall that uses REJECT as the default rule for
> the INPUT and FORWARD chains.
>
> It's working with no problems, although I've seen LOTS of packets being
> rejected on the INPUT chain ..... after some research, I've noticed those are
> not hacker packets, they are ICQ packets (yes, ICQ is allowed).
>
> As we know, ICQ receives messages on random ports, thus I cannot
> easily allow it on the firewall. It seems that every time one of my
> internal users receives an ICQ message, some packets are rejected but
> the message still arrives (is it being sent through the server??).
>
> Question is: Is there any intelligent way of allowing ICQ packets to
> pass through (external to internal) without blocking them? Is there any
> ip_conntrack_icq available??
>
> Sincerely,
> Leonardo Rodrigues
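The rule set Erik sketches above, written out as a script that builds the dedicated "icq" chain. This is an added example, not code from the original mail: it keeps the idea (clients may talk to the ICQ login server on TCP 5190, replies may come back, nothing else is opened, so direct client-to-client connections still fall through to Leonardo's default REJECT), but it creates the chain first, matches return traffic on the server's source port instead of `--dport 5190`, and inserts the jumps at the top of INPUT and FORWARD so they precede a trailing catch-all REJECT rule. The external interface name is an argument, and `IPT` selects the command used to apply rules; it defaults to `echo` so the generated rules can be reviewed without root, and `IPT=iptables` applies them for real. Both of those knobs are assumptions of this example, as is the interface name `eth0` used below.

```shell
#!/bin/sh
# Added example (not from the original mail): a dedicated "icq" chain that lets
# internal ICQ clients reach the ICQ login server on TCP 5190 and receive the
# server's replies, while never opening the random ports used for direct
# client-to-client connections (and therefore for file transfers).
#
# Assumed knobs (not stated in the thread):
#   IPT         command used to apply rules; defaults to "echo" for a dry run
#   ICQ_SERVER  server name from Erik's rules
#   $1          name of the external interface (e.g. eth0)

IPT="${IPT:-echo}"
ICQ_SERVER="${ICQ_SERVER:-login.icq.com}"
ICQ_PORT=5190

icq_rules() {
    ext_if="$1"
    [ -n "$ext_if" ] || { echo "usage: icq_rules <external-interface>" >&2; return 1; }

    # Create the chain (ignore "already exists") and flush it, so the function
    # is safe to re-run without duplicating rules.
    $IPT -N icq 2>/dev/null || true
    $IPT -F icq

    # Outbound: new connections from inside to the ICQ server's login port.
    # Note that iptables resolves the hostname once, at insertion time; if the
    # server's address changes, the rule silently goes stale.
    $IPT -A icq -p tcp -d "$ICQ_SERVER" --dport "$ICQ_PORT" \
         -m state --state NEW,ESTABLISHED -j ACCEPT

    # Inbound: only packets belonging to those connections. A reply from the
    # server has SOURCE port 5190 and a random destination port, so match on
    # --sport; requiring ESTABLISHED,RELATED means no packet arriving on the
    # external interface can open a new connection through this chain.
    $IPT -A icq -i "$ext_if" -p tcp -s "$ICQ_SERVER" --sport "$ICQ_PORT" \
         -m state --state ESTABLISHED,RELATED -j ACCEPT

    # No catch-all here: anything that does not match (a direct connection on
    # a random port) returns to the calling chain and hits the default REJECT.

    # Hook the chain in at the top of INPUT and FORWARD, ahead of any
    # trailing catch-all REJECT rule.
    $IPT -I INPUT 1 -j icq
    $IPT -I FORWARD 1 -j icq
}

# Dry run when executed directly; use IPT=iptables ./icq.sh eth0 to apply.
if [ "${0##*/}" = "icq.sh" ]; then
    icq_rules "${1:-eth0}"
fi
```

With `IPT` left at its default the script only prints the rules it would apply, which is a convenient way to review the chain before loading it; the same function with `IPT=iptables` needs root.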
