Indunil Jayasooriya
2006-Nov-09 09:49 UTC
[CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES
Hi,

I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as my local network users always go there.

How Can I do it?

I am not running iptables as a script nor have I put anything in my rc.local. But instead, I input the commands and save them by using the below command

    /etc/init.d/iptables save

and I restart it

    /etc/init.d/iptables restart

My box runs on CentOS 4.4.

Help needed.

--
Thank you
Indunil Jayasooriya
Indunil Jayasooriya
2006-Nov-09 09:50 UTC
Fwd: How to block Yahoo , MSN messanger and Kazza with IPTABLES
Hi,

I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as my local network users always go there.

How Can I do it?

I am not running iptables as a script nor have I put anything in my rc.local. But instead, I input the commands and save them by using the below command

    /etc/init.d/iptables save

and I restart it

    /etc/init.d/iptables restart

My box runs on CentOS 4.4.

Help needed.

--
Thank you
Indunil Jayasooriya

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
emporindo
2006-Nov-09 10:08 UTC
[CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES
Hi Indunil,

for blocking P2P, you can use IPP2P --> www.ipp2p.org and you can find the RPM base from http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/ thanks Mr. David

for blocking YM and MSN, better use combination iptables and squid to block url and site for server YM.

regards

----- Original Message -----
From: Indunil Jayasooriya
To: centos at centos.org
Sent: Thursday, November 09, 2006 5:49 PM
Subject: [CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES

> Hi,
>
> I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as my local network users always go there.
>
> How Can I do it?
>
> I am not running iptables as a script nor have I put anything in my rc.local. But instead, I input the commands and save them by using the below command
>
> /etc/init.d/iptables save
>
> and I restart it
>
> /etc/init.d/iptables restart
>
> My box runs on CentOS 4.4.
>
> Help needed.
>
> --
> Thank you
> Indunil Jayasooriya

_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
hrbac.conf at seznam.cz (David Hrbác
2006-Nov-09 10:43 UTC
[CentOS] IPP2P RPM ( was: How to block Yahoo , MSN messanger and Kazza with IPTABLES)
emporindo wrote:
> Hi Indunil,
>
> for blocking P2P, you can use IPP2P --> www.ipp2p.org and you can find the RPM base from http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/ thanks Mr. David

As to the IPP2P RPM, I have rebuilt it for the latest kernel. I thought no one was using it. :o) Maybe I should start building ipt/kernel modules again. Any suggestions for missing ones?

D.
David Hrbáč
2006-Nov-09 10:45 UTC
[CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES
emporindo wrote:
> Hi Indunil,
>
> for blocking P2P, you can use IPP2P --> www.ipp2p.org and you can find the RPM base from http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/ thanks Mr. David
>
> for blocking YM and MSN, better use combination iptables and squid to block url and site for server YM.
> regards
>

Try L7-filter.
http://l7-filter.sourceforge.net/protocols

David Hrbáč
dAm2K
2006-Nov-09 11:17 UTC
Re: How to block Yahoo , MSN messanger and Kazza with IPTABLES
2006/11/9, Indunil Jayasooriya <indunil75@gmail.com>:
> I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
> my local network users always go there.
>
> How Can I do it?

Read this howto first...
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

1) Close all traffic (do this locally, or you will not be able to reach your firewall!!):

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP

2) Do NAT:

    iptables -t nat -A POSTROUTING -s YOUR_NET/YOUR_MASK -j MASQUERADE

3) Accept "syn" packets you need in FORWARD chain. You may need to accept other stuff like icmp, dns, related||established... Ex:

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport http -j ACCEPT
    iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport https -j ACCEPT
    iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport domain -j ACCEPT
    iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p udp -m udp --dport domain -j ACCEPT
    iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p icmp -j ACCEPT

4) Install and configure an HTTP proxy behind your firewall (ex. SQUID), and pay attention to your ACL, an open proxy is very dangerous!!

--
dAm2K, you know I'm there!
the sew
2006-Nov-09 15:01 UTC
Re: Fwd: How to block Yahoo , MSN messanger and Kazza with IPTABLES
iptables has some powerful rules u can use to block msn and yahoo and p2p software

I would use a transparent proxy with squid and ipp2p ( http://www.ipp2p.org ), which is an extension module for iptables which can block p2p, which is very difficult to track

for example

    iptables -A FORWARD -m ipp2p --ipp2p -j DROP

hope it helps

Sew

On 11/9/06, Indunil Jayasooriya <indunil75@gmail.com> wrote:
> Hi,
>
> I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
> my local network users always go there.
>
> How Can I do it?
>
> I am not running iptables as a script nor have I put anything in my rc.local.
> But instead, I input the commands and save them by using the below command
>
> /etc/init.d/iptables save
>
> and I restart it
>
> /etc/init.d/iptables restart
>
> My box runs on CentOS 4.4.
>
> Help needed.
>
> --
> Thank you
> Indunil Jayasooriya
Stephen John Smoogen
2006-Nov-09 16:50 UTC
[CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES
On 11/9/06, Indunil Jayasooriya <indunil75 at gmail.com> wrote:
>
> Hi,
>
> I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
> my local network users always go there.
> How Can I do it?
>

Kazaa and other Peer to Peer need something like a Layer 7 tool because they are very closed. The Yahoo and MSN can be blocked by blocking particular IP/ports.. HOWEVER, they all have web clients so that they can just use a browser instead.

The true fix of this is the following:

1) A clear rule with consequences for using these tools on your network. E.G. if at a company, they need to register a need to use the tool, get clearance to use it and then are monitored to use it. People who do not have a clearance to use it will be detected and disciplined (fired, demoted, whatever HR says needs to be done).

2) Set up the firewall to block/detect usage of the tools. Make a daily/weekly report to HR of people abusing the rule.

3) Follow through with step 1.

If #1 has no teeth, then you might as well just hang it up as the number of ways to get around firewalls these days is enormous (e.g. if your firewall doesn't block all outgoing traffic unless approved you are hosed :)).

--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
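The detect-and-report step in point 2 of the message above can be fed from the firewall's own log. This is an added example, not part of any poster's message: it tallies iptables LOG hits per LAN host. The log prefixes, the function names and the sample log lines are constructed for illustration; 1863/tcp and 5050/tcp are the default MSN and Yahoo Messenger ports.

```sh
#!/bin/sh
# Added example: count iptables LOG hits per LAN host for a usage report.
# Assumed rules, each placed before its DROP rule in FORWARD. The log
# prefixes are names chosen here; 1863/tcp and 5050/tcp are the default
# MSN and Yahoo Messenger ports:
#   iptables -A FORWARD -p tcp --dport 1863 -j LOG --log-prefix "IM-MSN: "
#   iptables -A FORWARD -p tcp --dport 5050 -j LOG --log-prefix "IM-YAHOO: "
#   iptables -A FORWARD -m ipp2p --ipp2p -j LOG --log-prefix "P2P: "

# Constructed sample of syslog lines in the format the LOG target writes.
sample_log() {
cat <<'EOF'
Nov  9 10:15:01 gw kernel: IM-MSN: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=1863 SYN
Nov  9 10:15:04 gw kernel: IM-MSN: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=1863 SYN
Nov  9 10:16:30 gw kernel: IM-YAHOO: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=2210 DPT=5050 SYN
Nov  9 10:17:02 gw crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Nov  9 10:18:45 gw kernel: P2P: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.99 LEN=60 TTL=127 PROTO=TCP SPT=3301 DPT=1214
Nov  9 10:19:10 gw kernel: IM-MSN: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1050 DPT=1863 SYN
EOF
}

# Read syslog lines on stdin; print "hits source-ip rule-tag", busiest first.
usage_report() {
    awk '
    / kernel: (IM-MSN|IM-YAHOO|P2P): / {
        tag = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(IM-MSN|IM-YAHOO|P2P):$/) tag = substr($i, 1, length($i) - 1)
            else if ($i ~ /^SRC=/) src = substr($i, 5)
        }
        if (tag != "" && src != "") hits[src " " tag]++
    }
    END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

sample_log | usage_report
```

On a real gateway the input would be the kernel log instead of the sample, for instance `usage_report < /var/log/messages` from a daily cron job.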
hrbac.conf at seznam.cz (David Hrbác
2006-Nov-09 19:15 UTC
[CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES
Indunil Jayasooriya wrote:
> Hi,
>
> I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
> my local network users always go there.
> How Can I do it?
>

Well, I did not test it.
http://www.wains.be/?p=91

David