Ama Kalu
2003-Nov-17 11:43 UTC
[Shorewall-users] Bandwidth management and filtering port 80
Hi All,

Streams and media services from MS, Apple and RealONE etc can pass through port 80 when you block PNA, MMS and RSTP ports. I also suspect trojans / stealth applications do the same.

I am concerned in the first case about bandwidth management, and in the latter case security. Is there a way to block streams or inspect the traffic to ensure that it is really webtraffic that is passing?

Can shorewall do this or is there another way?

Thanks in advance.

Ama
Tom Eastep
2003-Nov-17 12:04 UTC
[Shorewall-users] Bandwidth management and filtering port 80
On Mon, 2003-11-17 at 11:42, Ama Kalu wrote:
> Hi All,
>
> Streams and media services from MS, Apple and RealONE etc can pass through port 80 when you block PNA, MMS and RSTP ports. I also suspect trojans / stealth applications do the same.
>
> I am concerned in the first case about bandwidth management, and in the latter case security. Is there a way to block streams or inspect the traffic to ensure that it is really webtraffic that is passing?
>
> Can shorewall do this or is there another way?

Shorewall is a packet filter -- it doesn't inspect the payload of packets. For that, you need a Proxy like Squid.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
Francesca C Smith
2003-Nov-17 15:38 UTC
[Shorewall-users] RE: Bandwidth management and filtering port 80
Hello,

At 03:00 PM 11/17/2003, you wrote:
>Hi All,
>
>Streams and media services from MS, Apple and RealONE etc can pass through
>port 80 when you block PNA, MMS and RSTP ports. I also suspect trojans /
>stealth applications do the same.
>
>I am concerned in the first case about bandwidth management, and in the
>latter case security. Is there a way to block streams or inspect the
>traffic to ensure that it is really webtraffic that is passing?
>
>Can shorewall do this or is there another way?
>
>Thanks in advance.
>
>Ama

Don't use Shorewall for this ..

Use a proxy .. and block the appropriate file extensions and/or mime types .. I use SQUID ..

Francesca

"No Problems Only Solutions"
Francesca C. Smith
Lady Linux Internet Services
fsmith@ladylinux.com
Ama Kalu
2003-Nov-18 06:56 UTC
[Shorewall-users] RE: Bandwidth management and filtering port 80
Thanks

How then do you use squid to block streams through port 80 while letting regular http through?

Regards,

Ama

>-----Original Message-----
>From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Francesca C Smith
>Sent: Tuesday, November 18, 2003 12:37 AM
>To: shorewall-users@lists.shorewall.net
>Subject: [Shorewall-users] RE: Bandwidth management and filtering port 80
>
>Hello,
>
>At 03:00 PM 11/17/2003, you wrote:
>>Hi All,
>>
>>Streams and media services from MS, Apple and RealONE etc can pass through
>>port 80 when you block PNA, MMS and RSTP ports. I also suspect trojans /
>>stealth applications do the same.
>>
>>I am concerned in the first case about bandwidth management, and in the
>>latter case security. Is there a way to block streams or inspect the
>>traffic to ensure that it is really webtraffic that is passing?
>>
>>Can shorewall do this or is there another way?
>>
>>Thanks in advance.
>>
>>Ama
>
>Don't use Shorewall for this ..
>
>Use a proxy .. and block the appropriate file extensions and/or mime types
>.. I use SQUID ..
>
>Francesca
>
>"No Problems Only Solutions"
>Francesca C. Smith
>Lady Linux Internet Services
>fsmith@ladylinux.com
Francesca C Smith
2003-Nov-18 07:45 UTC
[Shorewall-users] RE: Bandwidth management and filtering port 80
Hello,

> Thanks
>
> How then do you use squid to block streams through port 80 while
> letting
> regular http through?
>
> Regards,
>
> Ama

You block the extensions used with a filter ... such as .rm , .wma etc .... Works great here .. and you can block stuff like .exe , .hta .vbs .pif .. But How To Configure Squid Is Another group .. although there are some good docs here related to shorewall and squid working together ..

Francesca
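
An added illustration of the approach described in the reply above, not part of the original thread: a squid.conf fragment that denies requests by URL extension and denies replies by MIME type. The extensions are the ones named in the thread; the ACL names and the MIME type patterns are assumptions to check against your own access logs.

```conf
# Added example, not from the thread. ACL names are arbitrary.

# Request side: URL path ends in one of the extensions named in the thread.
# -i makes the match case-insensitive; the optional group also catches a
# trailing query string such as /clip.rm?start=10
acl stream_ext urlpath_regex -i \.(rm|wma)(\?.*)?$
acl risky_ext  urlpath_regex -i \.(exe|hta|vbs|pif)(\?.*)?$

# Reply side: Content-Type returned by the origin server.
# Assumed patterns for RealMedia and Windows Media content.
acl stream_mime rep_mime_type -i ^application/vnd\.rn-realmedia
acl stream_mime rep_mime_type -i ^audio/x-pn-realaudio
acl stream_mime rep_mime_type -i ^audio/x-ms-wma
acl stream_mime rep_mime_type -i ^video/x-ms-

# Deny rules must come before the rule that allows your local clients,
# because http_access stops at the first matching line.
http_access deny stream_ext
http_access deny risky_ext

# rep_mime_type is only known once the reply arrives, so it is used with
# http_reply_access. End with an explicit allow: Squid's default is the
# opposite of the last rule in the list.
http_reply_access deny stream_mime
http_reply_access allow all
```

Both checks trust what the remote side declares (the URL and the Content-Type header), so they handle well-behaved media servers and help with bandwidth, but they do not verify the payload itself. They also apply only to traffic that actually passes through the proxy, so direct outbound port 80 has to be closed or redirected at the firewall.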
Ama Kalu
2003-Nov-19 04:13 UTC
[Shorewall-users] RE: Bandwidth management and filtering port 80
Thank you Francesca, I'll investigate this.

>-----Original Message-----
>From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Francesca C Smith
>Sent: Tuesday, November 18, 2003 4:45 PM
>To: shorewall-users@lists.shorewall.net
>Subject: [Shorewall-users] RE: Bandwidth management and filtering port 80
>
>Hello,
>
>> Thanks
>>
>> How then do you use squid to block streams through port 80 while
>> letting
>> regular http through?
>>
>> Regards,
>>
>> Ama
>
>You block the extensions used with a filter ... such as .rm , .wma etc
>.... Works great here .. and you can block stuff like .exe , .hta .vbs
>.pif .. But How To Configure Squid Is Another group .. although there
>are some good docs here related to shorewall and squid working together
>..
>
>Francesca