I've got a sonicwall TZ170W and need to block a bunch of ports so users on my network can not access nntp usenet newsgroup servers over those ports. So should I be blocking outgoing or incomming? I think outgoing, but just want to make sure. The ports I will be blocking are-
119, 53, 23, 25, 9000, 8000, 3128, 563, 443 I know 25 is smtp for email, so outgoing would be ok to block. 23 outgoing should be ok to block as well. 443 incomming or outgoing I'm not sure since that's https/ssl stuff. 53 is DNS and since i am not running a dns server I'd block incomming right? Just looking for some clarification please. I'd also like to block domains, but don't know how since my ap[pliance doesn't seem to do that for anything but web domains. If I could block the nntp protocol entirely then it should work out better cus then in newsreader apps they can try to connect over port 80 but still be blocked i have heard. Not sure though. For nntp servers that accept connections over port 80 the only thing i can try is to block the range of ips from that usenet server, but how would i find their range of ips they use? newsreader.com is one as well as a couple more servers I'm forgetting right now. So if I know the company, how do i find the ip range they are using for their news servers so I could just block the range?Thanks guys.