Shawn Grover wrote:
Hi gang.
We have an IPTables script (configured by someone other than me) for our firewall, which has been working fine. I'm able to interpret it well enough to block other unwanted INCOMING traffic, but we have never blocked OUTGOING traffic. Now I've been asked to block MSN Messenger on our network.
My research indicates a few ports I can block to handle some aspects of MSN (video, file transfer, etc.), but chat appears to use a block of random ports. Another site I found (http://www.qorbit.net/nn/Mar-2003/0614.html) seems to indicate you can block the authentication service, but this is by destination name, not IP.
So, I'm looking for some hints on how to configure IPTables to do this. Any suggestions?
Thanks a bunch.
Shawn
_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
To block MSN messenger:
# iptables -A FORWARD -p TCP --dport 1863 -j DROP
# iptables -A FORWARD -d 64.4.13.0/24 -j DROP
< Somebody that can confirm those 2 lines? >
They still can use web-enabled chat services... And what if a user knows how to port-redirect...?
My opinion: don't block it, educate/ask users, log, detect misuse, warn, and give a pink slip so that he/she can use MSN @ home all day...
Peter
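
The "log, detect misuse" approach from the reply above, as an added example that is not part of either post: it counts logged connection attempts to TCP port 1863 or 64.4.13.0/24 per internal host. The `MSN-OUT: ` log prefix, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: count logged MSN Messenger connection attempts per host.
# Assumption: LOG rules with a hypothetical prefix "MSN-OUT: " are placed
# ahead of (or instead of) the DROP rules, for example:
#   iptables -A FORWARD -p tcp --dport 1863 -j LOG --log-prefix "MSN-OUT: "
#   iptables -A FORWARD -d 64.4.13.0/24 -j LOG --log-prefix "MSN-OUT: "

# Constructed kernel log lines (not real traffic); 192.168.1.x stands in
# for the internal network, 192.0.2.x is a documentation address range.
sample_log() {
cat <<'EOF'
Mar 14 09:12:01 fw kernel: MSN-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=64.4.13.17 LEN=48 PROTO=TCP SPT=1045 DPT=1863 SYN
Mar 14 09:12:09 fw kernel: MSN-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=1046 DPT=1863 SYN
Mar 14 09:13:30 fw kernel: MSN-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=64.4.13.20 LEN=48 PROTO=TCP SPT=1050 DPT=443 SYN
Mar 14 09:15:02 fw kernel: MSN-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=64.4.13.17 LEN=48 PROTO=TCP SPT=2201 DPT=1863 SYN
Mar 14 09:15:40 fw kernel: FWD: IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=192.0.2.80 LEN=48 PROTO=TCP SPT=2202 DPT=80 SYN
EOF
}

# Reads syslog lines on stdin and prints "<count> <source-ip>",
# highest count first, for hosts that tried to reach MSN.
msn_hits_by_source() {
    awk '
        /MSN-OUT: / {
            src = ""; dst = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DST=/)   dst   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (src == "") next    # malformed line, skip it
            # Match either rule: messenger port, or the 64.4.13.0/24 range.
            if ((proto == "TCP" && dpt == "1863") || dst ~ /^64\.4\.13\./)
                hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

sample_log | msn_hits_by_source
```

On a live firewall the same function would read the kernel log instead of `sample_log`, wherever syslog writes it on that system.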

