5. Whats a good set of rules for ICQ that doesn't open all ports?
 
The first rule is to connect to ICQ. The range of 1024-5000 for local port range can be applied to most rules actually, not just this one. You can be more strict on the address range, but this will do for the time being, besides it's not allowing a large address range.
 
Description: Connect to ICQ
Protocol: UDP
Direction: Both directions
Local endpoint  
 Port type: Port/Range
 First port number: 1024
 Last port number: 5000
Application: (to wherever your icq.exe is located)
Remote endpoint
 Address type: Network/Range
 First address: 205.188.153.0
  Last address: 205.188.153.255
Port type: Single port
Port number: 4000
Rule valid: Always
Action: Permit
 
This 2nd rule is for file transfers, chat rooms, maybe other things but I know of at least those two. I looked at limiting the remote port range but it didn't seem to stay in any kind of predictable range. For file transfers I had the port number's jump from in the 2000 range to the 20 000 range. Remote address is to whoever you're doing a file transfer with so limiting it can not really be done.
 
Description: ICQ 2
Protocol: TCP
Direction: Outgoing
Local endpoint
 Port type: Port/Range
 First port number: 1024
 Last port number: 5000
Application: (to wherever your icq.exe is located)
Remote endpoint
 Address type: Any address
 Port type: Any port
Rule valid: Always
Action: Permit
 
If you want to try file transfers, chats and whatever else on your own computer then look here http://lvgeek.net/features/01/04/28/033232.shtml this will tell you how you can make it so you can open multiple instances of ICQ. Then just create yourself a new identity on ICQ and open up two instances of ICQ and you can test things for yourself.
 
source: ygfjhg
 
Here are some slightly different rules for ICQ2000b v4.65. Amongst other things it seems to include a different connection port during startup. I don't know what the latest version is... I don't rely on this software and so don't update too frequently :)
 
Here are the rules I'm using, differences highlighted:
 
Description: ICQ
Protocol: TCP <---
Direction: Outgoing <---
Local endpoint
 Port type: Port/Range
 First port number: 1024
 Last port number: 5000
Application: (to wherever your icq.exe is located)
Remote endpoint
 Address type: Network/Mask <---
 Network Address: 205.188.0.0 <---
 Network Mask: 255.255.0.0 <---
Port type: Single port
Port number: 5190 <---
Rule valid: Always
Action: Permit
 
The netmask was required because I found ICQ connecting outside the narrower range suggested by jcarm. That entire B block is owned by AOL.
 
There's also a second version of this rule with network address: 62.12.0.0 and netmask 255.255.0.0. Again this entire block is owned by AOL and ICQ tries to connect there.
 
It's possible that these address ranges are too broad, so I'd appreciate any enlightenment.
 
Finally I've got a block rule (above both of these) that seems to be the one that grabs updated ads and graphics during logon:
 
Description: Block ICQ ads
Protocol: TCP
Direction: Outgoing
Local endpoint
 Port type: Port/Range
 First port number: 1024
 Last port number: 5000
Application: (to wherever your icq.exe is located)
Remote endpoint
 Address type: Single address
 Host Address: 205.188.250.25
 Port type: Single port
 Port number: 80
Rule valid: Always
Action: Deny
 
I don't have any specific rules for normal use of ICQ: I'm happy for it to popup connect requests when something unusual happens.
 
source: HTH