IPFW closing range of ports


IPFW closing range of ports

by PeterJJ

I'm new to this, so go easy please.

I have put in place a very basic ipfw ruleset in my place of employment.
To this I have been asked to block out all peer to peer sharing to ports in the range of 14500-65000.

Is it doable?
I am currently experiencing issues with users where I work running a music streaming service which at first runs from the free service's own servers, then starts running peer to peer. I am not allowed to block the application. I would like to as it is hogging bandwidth, but have been told I am not permitted. Is there anything I can do?
The application will run with the peer to peer option disabled, relying only on the company's server, before eventually getting kicked off after an hour or so (but I don't care about that).


Thank you all in advance

Re: IPFW closing range of ports

by Matthew Walker-4

You could starve it by using a pipe, allocate 16 kbit/sec. Then
technically you aren't blocking it.

ipfw add 1000 pipe 10 tcp from any to any 14500-65535 out
ipfw pipe 10 config bw 16k queue 100 mask dst-ip 0xff000000

Otherwise, you can block the ports:
ipfw add 1000 deny tcp from any to any 14500-65535 out

Depends on how much of a BOFH mood you are in that day.

-- Matthew

PeterJJ wrote:
> I'm new to this, so go easy please.
>
> I have put in place a very basic ipfw ruleset in my place of employment.
> To this I have been asked to block out all peer to peer sharing to ports in
> the range of 14500-65000.
>
>  
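
As an added example (not part of either post and not FreeBSD project code), the script below prints a variant of the throttle rules from the reply, scoped with "out xmit" to one outbound interface so that packets leaving toward LAN clients on high destination ports are not matched, and repeated for UDP. The interface name em0, the UDP rule, rule number 1001 and the helper names are assumptions; pipe 10, rule 1000 and the pipe settings come from the reply.

```sh
#!/bin/sh
# Added example, not from the thread: prints ipfw commands for review.
# Assumptions: WAN interface name, UDP rule, rule 1001, helper names.

# valid_range LO HI: succeed only for integers with 1 <= LO <= HI <= 65535
valid_range() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*|??????*) return 1 ;; esac
    done
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ] && [ "$2" -le 65535 ]
}

# throttle_rules WAN_IF LO HI [BW]: print the pipe config, then one rule per protocol
throttle_rules() {
    wan_if=$1 lo=$2 hi=$3 bw=${4:-16Kbit/s}
    valid_range "$lo" "$hi" || { echo "bad port range: $lo-$hi" >&2; return 1; }
    case "$wan_if" in ''|*[!A-Za-z0-9_.]*) echo "bad interface" >&2; return 1 ;; esac
    case "$bw" in ''|*[!A-Za-z0-9/]*) echo "bad bandwidth" >&2; return 1 ;; esac
    # Configure the pipe first so no rule refers to an unconfigured pipe.
    echo "ipfw pipe 10 config bw $bw queue 100 mask dst-ip 0xff000000"
    n=1000
    for proto in tcp udp; do
        # "out xmit IF" matches only packets transmitted on the WAN interface;
        # a bare "out" also matches packets leaving on the LAN side.
        echo "ipfw add $n pipe 10 $proto from any to any $lo-$hi out xmit $wan_if"
        n=$((n + 1))
    done
}

# Usage: sh throttle.sh em0 14500 65535 [16Kbit/s]   (review, then pipe to sh)
if [ "$#" -ge 3 ]; then throttle_rules "$@"; fi
```

Replies from services hosted behind the firewall to outside clients on high ports still leave via the WAN interface and will match, so any allow rule for them needs a number below 1000.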