How to block an arbitrary port with ipfwadm

Extracted from debian-user
Tip provided by Carey Evans
> What I want to do is use ipfwadm to block a single port - namely 31337
> (UDP). For anyone who has had their head in the sand for the last few
> months, that's the port that Back Orifice listens on by default.

ipfwadm -I -a reject -P udp -D 192.168.20.0/24 31337 -o

That's:
  -I = check incoming packets.
  -a reject = Let the sender know we're rejecting them.  You can use
    "-a deny" instead to drop them silently.
  -P udp = UDP packets only.
  -D 192.168.20.0/24 31337 = destination anywhere on your network (fix
    this) on port 31337.  Maybe "0.0.0.0/0 31337" to stop *your* users
    connecting to another BO server.
  -o = Log the address of the offender, so you can complain to their ISP.

This will also drop some legitimate UDP comms, if something happens to
grab port 31337 itself.  I could live with this.



Appears in section(s) : net security
Tip recorded : 29-11-1998 20:08:44
HTML page last changed : 27-07-1999 20:09:12