I use the following Shorewall rules to block MSN:

REJECT:info loc net tcp 1863
REJECT:info loc net udp 1863
REJECT:info loc net:64.4.13.0/24 all
REJECT:info loc net:217.32.247.3 all
REJECT:info loc net:207.46.110.3 all
REJECT:info loc net:207.46.104.20 all

Those rules block access from the internal network to tcp/udp ports 1863. They also block access to the 64.4.13.0/24 subnet on all protocols and block access to 217.32.247.3, 207.46.110.3, and 207.46.104.20 on all protocols.

Note: Those rules will also block access to hotmail.com and msn.com, I think. Not a big deal really.

Cheers,

--
Trevor Lauder

Personal:
Web: http://www.thelauders.net
E-Mail: [EMAIL PROTECTED]

Work:
Senior Linux Analyst
LAN Solutions
Telephone: (403) 255-5026
WWW: http://www.lansolutions.ab.ca
E-Mail: [EMAIL PROTECTED]

Shawn Grover said:
> Hi gang.
>
> We have an IPTables script (configured by someone other than me) for our
> firewall, which has been working fine. I'm able to interpret it well
> enough to block other unwanted INCOMING traffic, but we have never blocked
> OUTGOING traffic. Now I've been asked to block MSN Messenger on our
> network.
>
> My research indicates a few ports I can block to handle some aspects of
> MSN (video, file transfer, etc), but chat appears to use a block of random
> ports. Another site I found (http://www.qorbit.net/nn/Mar-2003/0614.html)
> seems to indicate you can block the authentication service, but this is by
> destination name, not IP.
>
> So, I'm looking for some hints on how to configure IPTables to do this.
> Any suggestions?
>
> Thanks a bunch.
>
> Shawn
>
> _______________________________________________
> clug-talk mailing list
> [EMAIL PROTECTED]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
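
The Shorewall rules from the reply above, translated to plain iptables for a hand-written firewall script like the one the original question describes. This is an added example, not part of either poster's message; the interface names (eth1 internal, eth0 external), the MSN_REJECT chain name, and placement at the top of the FORWARD chain are assumptions.

```shell
#!/bin/sh
# Added example: plain-iptables equivalent of the Shorewall rules in the reply.
# Assumed, not from the thread: interface names, the MSN_REJECT chain name,
# and that LAN traffic to the Internet traverses the FORWARD chain.
LAN_IF="${LAN_IF:-eth1}"   # assumed internal ("loc") interface
NET_IF="${NET_IF:-eth0}"   # assumed external ("net") interface

# Destinations the reply blocks on all protocols.
MSN_DESTS="64.4.13.0/24 217.32.247.3 207.46.110.3 207.46.104.20"

# Print the iptables commands one per line (dry run). Nothing is applied
# unless the output is deliberately piped to a root shell.
msn_block_rules() {
    # Shorewall's REJECT:info means "log at level info, then reject".
    # A dedicated chain does both, so each match needs only one jump.
    echo "iptables -N MSN_REJECT"
    echo "iptables -A MSN_REJECT -j LOG --log-level info --log-prefix 'MSN_REJECT: '"
    echo "iptables -A MSN_REJECT -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables -A MSN_REJECT -j REJECT"

    # -I puts the jumps ahead of any existing outbound ACCEPT rule.
    for proto in tcp udp; do
        echo "iptables -I FORWARD -i $LAN_IF -o $NET_IF -p $proto --dport 1863 -j MSN_REJECT"
    done
    for dest in $MSN_DESTS; do
        echo "iptables -I FORWARD -i $LAN_IF -o $NET_IF -d $dest -j MSN_REJECT"
    done
}

# Review the generated rules; apply with: msn_block_rules | sh   (as root)
msn_block_rules
```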

