For IT Pros This page contains information about the "Mostly Open + UI" campus firewall group.
The Mostly Open + UI group is designed for servers that are not web or email servers; it allows all traffic from the University of Illinois IP ranges. From the broader Internet, it blocks the most commonly exploited ports while allowing all other traffic through. This group is too permissive for most desktops.
In this firewall group, IP ranges belonging to the University of Illinois (including the Springfield and Chicago campuses) are given full access. UI IP ranges will not be subject to the same firewall restrictions as IP ranges from the external Internet.
For a list of the IP ranges that this firewall group considers a part of the University of Illinois network, see Guide to University of Illinois IP Spaces.
From computers that are not part of the University of Illinois network:
All except DNS, finger, HTTP, HTTPS, ICMP, IRC, LDAP, LPD, NFS, NNTP, SNMP, and SMTP. (A specific port list is available.)
Assuming that a machine uses the standard ports for its services, external users trying to access services from a machine in this group will find that many services are allowed. However, unlike the Mostly Closed group, several of the most common services are denied, in order to protect the machine from the most common exploits.
Services denied to users coming from outside the firewall include mail, chat, ping or traceroute, user lookup, unencrypted web servers, newsgroups, and network management services like directory access, network file sharing, and DNS (mapping machine names to IP addresses).
To computers that are not part of the University of Illinois network:
All (except the ports that are always blocked in both directions)