
How to See what is Blocked and then Program???


100mbs

MIS
Feb 14, 2002
142
US

I am trying to do a few things and I am new to the PIX firewall.

What are the commands to do the following?

1. I need to know what my firewall is blocking, i.e. ports?

2. I need to block ports 4444, 135, and 69 from internal use and from outside coming in?

3. How can I monitor the traffic on the PIX?

4. How can I tell what ports are blocked?

Thanks for the help in advance.

100mbs

First things first, you need to get yourself a syslog server for starters; then you need to get logging set up to a proper level: start at debug, figure out if it generates too much traffic, and work your way down.

If you don't have any filters right now on the PIX, everything initiated from outside will be blocked, and TCP and some UDP "sessions" started from inside will be allowed to return traffic.

In the log from the PIX you will see something like:

<164>Sep 04 2003 18:19:42: %PIX-4-106023: Deny udp src outside:65.54.240.61/7001 dst inside:x.x.x.x/5093 by access-group "acl_outside"

<164>Sep 04 2003 18:19:43: %PIX-4-106023: Deny tcp src outside:62.58.41.195/80 dst inside:x.x.x.x/62877 by access-group "acl_outside"

For filtering outgoing traffic, it is much like IOS ACLs except the mask is not inverted.
So to allow everyone to access the Internet but not on those ports, it would be something like this:
access-list acl_inside deny tcp <lan net> <lan mask> any eq 4444
access-list acl_inside deny tcp <lan net> <lan mask> any eq 135
access-list acl_inside deny tcp <lan net> <lan mask> any eq 69
access-list acl_inside permit ip <lan net> <lan mask> any

access-group acl_inside in interface inside

-
The command "show connection" will tell you current sessions running through the PIX.

Hope this helps you.
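The advice above comes down to "log to syslog, then read the 106023 deny messages". Below is an added example (not from the original thread or from Cisco) that does that reading for you: it parses the %PIX-4-106023 lines into fields, counts what the PIX is denying per ACL/protocol/destination port (question 1 and 4), and lists inside hosts that tripped the acl_inside rules for 4444, 135 and 69 (useful once the ACL from the post is installed). The first two sample lines are the ones from the post; the remaining lines are constructed, use documentation address ranges, and the non-deny 302013 line is only an approximation of that message's format, included so the parser is shown skipping it.

```python
import re
from collections import Counter

# Regex for the PIX 106023 "Deny ... by access-group" syslog message as it
# appears in the post. Assumption: endpoints are written <ifname>:<ip>/<port>,
# which is how both sample lines read.
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>\w+):(?P<src_ip>[\w.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>\w+):(?P<dst_ip>[\w.]+)/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[\w-]+)"'
)

# Sample syslog: two lines from the post (x.x.x.x is the poster's masked inside
# address) plus constructed lines showing outbound denies on 135 and 69, and one
# constructed non-deny message (format approximate) that must be ignored.
SAMPLE_LOG = """\
<164>Sep 04 2003 18:19:42: %PIX-4-106023: Deny udp src outside:65.54.240.61/7001 dst inside:x.x.x.x/5093 by access-group "acl_outside"
<164>Sep 04 2003 18:19:43: %PIX-4-106023: Deny tcp src outside:62.58.41.195/80 dst inside:x.x.x.x/62877 by access-group "acl_outside"
<164>Sep 04 2003 18:20:01: %PIX-4-106023: Deny tcp src inside:10.0.0.25/1043 dst outside:192.0.2.10/135 by access-group "acl_inside"
<164>Sep 04 2003 18:20:05: %PIX-4-106023: Deny udp src inside:10.0.0.25/1044 dst outside:192.0.2.10/69 by access-group "acl_inside"
<164>Sep 04 2003 18:20:07: %PIX-4-106023: Deny tcp src inside:10.0.0.31/1100 dst outside:192.0.2.10/135 by access-group "acl_inside"
<164>Sep 04 2003 18:20:09: %PIX-6-302013: Built outbound TCP connection 12 for outside:192.0.2.20/80 to inside:10.0.0.25/1050
"""


def parse_denies(log_text):
    """Yield one dict per 106023 deny line; every other message is skipped."""
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m is None:
            continue
        d = m.groupdict()
        d["src_port"] = int(d["src_port"])
        d["dst_port"] = int(d["dst_port"])
        yield d


def blocked_ports(log_text):
    """Count denied flows keyed by (access-group, protocol, destination port).

    This answers 'what is my firewall blocking?' from the evidence the PIX
    logs rather than from reading the ACLs and guessing.
    """
    return Counter(
        (d["acl"], d["proto"], d["dst_port"]) for d in parse_denies(log_text)
    )


def inside_hosts_hitting(log_text, ports=(4444, 135, 69)):
    """Map inside source IP -> set of listed ports it was denied reaching.

    Once acl_inside from the post is in place, a host that repeatedly hits
    these denies is one to look at (misconfiguration or a worm trying to spread).
    """
    hosts = {}
    for d in parse_denies(log_text):
        if d["src_if"] == "inside" and d["dst_port"] in ports:
            hosts.setdefault(d["src_ip"], set()).add(d["dst_port"])
    return hosts


if __name__ == "__main__":
    for (acl, proto, port), n in sorted(blocked_ports(SAMPLE_LOG).items()):
        print(f"{acl:12} {proto:4} dst port {port:5}  denied {n} time(s)")
    for host, ports in sorted(inside_hosts_hitting(SAMPLE_LOG).items()):
        print(f"inside host {host} blocked on ports {sorted(ports)}")
```

Feed it the output of your syslog server (for example `python3 pixdeny.py < pix.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`); the counts per destination port are the list of "what is blocked" that the original question asks for, and the per-host view is the first thing to check after adding the acl_inside deny lines.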
