
[LARTC] Re: How to block Yahoo , MSN messanger and Kazza with IPTABLES

To: lartc@mailman.ds9a.nl
Subject: [LARTC] Re: How to block Yahoo , MSN messanger and Kazza with IPTABLES
From: dAm2K <dam2000@gmail.com>
Date: Thu, 9 Nov 2006 12:17:58 +0100
In-reply-to: <7ed6b0aa0611090150t4cb135f7s20fccd0c5dbd4c48@mail.gmail.com>
References: <7ed6b0aa0611090149u1335d99fnd97c95b1b8f1e2b1@mail.gmail.com> <7ed6b0aa0611090150t4cb135f7s20fccd0c5dbd4c48@mail.gmail.com>
2006/11/9, Indunil Jayasooriya <indunil75@gmail.com>:
I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
my local network users always go there.

How can I do it?


Read this howto first...
http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

1) Close all traffic (do this locally, or you will not be able to
reach your firewall!!):
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

2) Do NAT:
iptables -t nat -A POSTROUTING -s YOUR_NET/YOUR_MASK -j MASQUERADE

3) Accept the "syn" packets you need in the FORWARD chain. You may need to
accept other stuff like icmp, dns, related||established...
Ex:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport http -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport https -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport domain -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p udp -m udp --dport domain -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p icmp -j ACCEPT

4) Install and configure an HTTP proxy behind your firewall (ex.
SQUID), and pay attention to your ACLs; an open proxy is very
dangerous!!


--
dAm2K, you know I'm there!
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
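The four steps of the reply above collected into one reviewable script. This is an added example, not dAm2K's own code: it assumes a placeholder LAN of 192.168.1.0/24 in place of YOUR_NET/YOUR_MASK, adds an assumed LAN-side SSH rule so the box stays manageable after step 1, and prints the rules by default so the generated set can be inspected before being applied as root.

```shell
#!/bin/sh
# Default-deny NAT firewall following the four steps of the reply above.
# Added example: LAN_NET is an assumed placeholder for YOUR_NET/YOUR_MASK,
# and the LAN-to-firewall SSH rule is an assumption for remote management.
# DRY_RUN=1 (the default) prints the rules instead of applying them, so the
# script runs unprivileged and the rule set can be reviewed first.

LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed LAN; replace with your own
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_firewall() {
    # 1) Flush and set DROP policies: anything not explicitly allowed dies here.
    #    As step 1 warns, run this from the console, not over the network.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Keep the firewall itself reachable and able to answer: loopback,
    # replies to its own connections, and SSH from the LAN (assumption).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    ipt -A INPUT -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # 2) Masquerade the LAN behind the firewall's public address.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -j MASQUERADE

    # 3) Forward replies plus new (SYN) connections only to the services the
    #    LAN may use; IM and P2P on their native ports match nothing here and
    #    fall through to the FORWARD DROP policy.
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -s "$LAN_NET" -p tcp --syn --dport http -j ACCEPT
    ipt -A FORWARD -s "$LAN_NET" -p tcp --syn --dport https -j ACCEPT
    ipt -A FORWARD -s "$LAN_NET" -p tcp --syn --dport domain -j ACCEPT
    ipt -A FORWARD -s "$LAN_NET" -p udp --dport domain -j ACCEPT
    ipt -A FORWARD -s "$LAN_NET" -p icmp -j ACCEPT
    # 4) The Squid proxy and its ACLs live outside iptables (see the reply).
}

# Number of explicit FORWARD rules emitted; used to sanity-check the output.
forward_rule_count() { apply_firewall | grep -c '^iptables -A FORWARD '; }

apply_firewall
```

Run it once with the default DRY_RUN=1 and diff the printed rules against what you expect before running `DRY_RUN=0 sh firewall.sh` as root on the console.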
