A how-to question -- writing a firewall rule to block port(993)

Asked by Mike Andrews

For many years using Mac and Windows it has been my policy to avoid INBOUND email because email is the most common vector for attacks. I know this because I've gotten my ears 'pinned back' too many times to think otherwise.
The LAN is much better off, in the absence of high-priced filtering hardware and the costly firmware that comes with it, directing all inbound mail to a remote, web-based drop box, available from such entities as yahoo or Gmail, etc., where it must be accessed via browser.
Using Ubuntu I now find that my knowledge of ipfw rules is somewhat lacking, as B4 now there has always been a simple, gui-based front-face to serve my needs.
GUFW offers no such advantage to the code-challenged.
Please offer me an example of the correct input that will enable GUFW to permanently block IMAP Port 993 so I can SEND outbound mail over SMTP port (465) but never worry about receiving INBOUND email via P993.
If GUFW offers a list of commands that will work in GUFW I haven't come across it.
I did look for an answer to my question in the forums but despite the plethora of posts dealing with the general topic, I was unable to locate a specific answer.
So, how do 'ya do it?
I'm a big dummy. Help!
---------------------------------
To Costales: Thanks for the info but I haven't quite been able to figure out what it is you refer to when you say "search IMAP to determine what I want to do with that port."
I k-n-o-w what I wanna do with it. . . I wanna KILL it! Brutally!
Trouble is, the only IMAP device listed for my machine is a software called "Amanda," which is evidently an IM client that uses Port 143 (I think). After succeeding in actually entering a rule (-ha!) in GUFW to block Yahoo Mail on IMAP 993, despite my efforts to the contrary it listed Amanda as the software of note and the port as 143. Palm-forehead-slap. Repeat.
Nothing has worked in trying to FORCE GUFW to list Port 993; it simply refuses to do it. If it weren't for that pretty blue & white shield I'd probably uninstall GUFW and try a different firewall front-end.
So things are back to square A again and I'm just glad to still have a firewall.
I hope it isn't mad at me after all that colorful language.
. . . Even my own ears are still burning. My dog went outside and abandoned me despite frigid weather conditions, and now doesn't want to come back in.
Anyhow, in Macintosh systems the ipfw is fully writable, offering the user full-spectrum ability to do whatever he wants.
Guess I'm spoiled; but I'm not forgetting Ubuntu's security track record, which IMO outshines anything Apple's produced in the past 7 years, given the new "consensus of reason" ($uure) leaching out of the woodwork at Apple. I hope Tim Cook and his mafiosi take a trip on the WAYBACK MACHINE and restore things as they were when the entire world raved of the efficacies of OS X.
One stellar example of Apple's chicanery over the years is visible in the way its software engineers have all but removed Network Utility. It's become much more basic in its functions than it was in the original version.
Now, in re Apple it's like the great Kipling wrote in Road to Mandalay, "That's all shove behind me, long ago and fer away; and there ain't no buses running from the benk to Mandalay." It's mostly just a memory.
Tim Cook and his colleagues in the global intelligentsia have. . . formed an agreement. Yes.
So have I.
It's sandwich time.
Thanks again to Costales for trying to help a dummy.
May the rain fall sparsely on your plain.

Question information

Language: English
Status: Answered
For: Gufw
Assignee: No assignee

costales (costales) said :
#1

Hi Mike,
You could Add rule > Preconfigured > Search SMTP or IMAP and choose what
you want to do with that port ;)
A hug!
--
Sent using Dekko from my Ubuntu device

costales (costales) said :
#2
Mike Andrews (mikeandrews144) said :
#3

Hi, Costales; after trying your so kindly offered setup, replete with screenshot, I came away with somewhat of a mixed bag. Which is to say that, although the model you presented did put the quietus on IMAPS P993, it initially blocked P143. I was able to change it to P993, however, by clicking the middle tab and then entering 'IMAPS/993' in substitution.
. . . At first it looked like everything was good, but soon my hopes were dashed again when Thunderbird popped up errors advising that it was unable to write to the Sent Messages folder (ergo, was unable to send mail and all my messages were floating around in a cyber-nexus somewhere).
In the end and after much ado I wound up deleting ALL RULES and going back to the bare-bones TCP/UDP setup, 'deny all in; allow all out.' At least now the system works.
After initially creating 8 rule-sets under the original instruction, since duplicate rules are automatically created for ipv6 as well as ipv4 -- and then discovering that all of the latter applied to Port 143. . . then under the 2nd tab commenting out P 143 and substituting P 993, there were, I think, 16 lines of rule-sets and that was just about the time Thunderchicken came back on me with a vengeance, displaying error popups about a problem registering mail to the Sent folder.
Palm-to-forehead. Repeat. Loud English invective. Repeat. Dog runs away and acts scared of me.
I'm crushed.
So. . . it looks as though Yahoo will not be humiliated by any feeble attempt on my part to resist the many terrors of INBOUND mail.
I'm also struggling with an Ubuntu v12.04 LTS install on a 2006 Mac G5 PowerPC, 1.6 GHz Single Core Processor, fairly bursting at the seams with 4 GB RAM! The version of GUFW in 12.04 is not the same as the one in Ubuntu 14.04 and I was unable to make heads or tails of its GUI.
As well, the firewall is always OFF when I click the button; it only comes back to life AFTER entering an admin password.
Is that a problem, do you think or is the firewall actually on all the time. . . just not indicating its status to the likes of me? (It is rude of this firewall to treat me like a Linux NUBY.)
Ahem.
At any rate, I will continue boning up on my IT skills in hopes that one day, when I grow up, it will have become possible to tighten down a recalcitrant firewall without making reference to any silly old front-end.

Rain. Plain. Refrain.

. . . That's all 4 now.

M.
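
Added example, not part of the thread: a mail client opens the connection to the server's port 993, so on the desktop that traffic is outbound and a deny-incoming rule never matches it. The sketch below uses the ufw command line (the backend GUFW drives) to deny outbound IMAP and IMAPS while leaving SMTP on 465 alone, then checks that the listed rules really are for 993 and in the OUT direction; the function names are hypothetical and the status layout is assumed to match `ufw status verbose`.

```shell
#!/bin/sh
# Added example; assumes ufw is installed and the script runs as root.

# Apply the policy. $1 is the command used to invoke ufw; pass "echo ufw"
# to preview the commands without touching the firewall.
block_imap_fetch() {
    ufw_cmd=${1:-ufw}
    $ufw_cmd default deny incoming    # nothing unsolicited reaches this host
    $ufw_cmd default allow outgoing   # SMTP submission on 465 keeps working
    $ufw_cmd deny out 993/tcp         # client can no longer reach IMAPS servers
    $ufw_cmd deny out 143/tcp         # same for plain IMAP
}

# Read `ufw status verbose` text on stdin. Exit status 0 only if incoming
# traffic is denied by default and both IMAP ports carry a DENY OUT rule.
check_imap_block() {
    awk '
        /^Default:/ && /deny \(incoming\)/             { def = 1 }
        $1 == "993/tcp" && $2 == "DENY" && $3 == "OUT" { r993 = 1 }
        $1 == "143/tcp" && $2 == "DENY" && $3 == "OUT" { r143 = 1 }
        END { exit !(def && r993 && r143) }
    '
}

# Typical use on a live system:
#   block_imap_fetch && ufw status verbose | check_imap_block && echo "IMAP blocked"
```

With these rules in place, a client that keeps its Sent folder on the IMAP server can still send over 465 but cannot save the copy there, which is consistent with the Thunderbird error described in reply #3.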
