NetFilter

Re: nubee ++ using iptables to block bit torrent ..

To: Gregory Machin <gregory.machin@gmail.com>
Subject: Re: nubee ++ using iptables to block bit torrent ..
From: Martijn Lievaart <m@rtij.nl>
Date: Fri, 30 Mar 2007 01:12:05 +0200
Cc: netfilter@lists.netfilter.org
Gregory Machin wrote:
> Hi
> I have a routing / firewall box that provides routing for the lan, dmz,
> some routed vpn, and the internet..
>
> I have been asked to block all traffic going from that lan, then give
> limited IPs full access to the internet and other limited access, via
> certain ports for say mail and http..
>
> and this seems to be working fine, except that bit torrent and msn
> and google talk seem to be slipping by ...
>
> by my understanding everything should be locked down ... apart from
> the http/s going via squid, which I'll tackle next ..

That's your problem. MSN, Kazaa, whatever, all tunnel over port 80 if no other means to communicate is found (i.e. direct ports open). You need content inspection to block that.

HTH,
M4
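
The difference between a port rule and content inspection, as an added example that is not part of the original message: a small Python classifier that looks at the first bytes a client sends instead of the destination port. The signatures, the allowed-port policy and the sample payloads are constructed assumptions for illustration.

```python
import re

# Signatures below are assumptions chosen for illustration, not a complete ruleset.
BT_HANDSHAKE = b"\x13BitTorrent protocol"          # peer-wire handshake prefix
MSN_CONTENT_TYPE = b"application/x-msn-messenger"  # MSN-over-HTTP requests
REQUEST_LINE = re.compile(rb"^([A-Z]+) \S+ HTTP/1\.[01]$")
ALLOWED_PORTS = {25, 80, 443}                      # hypothetical port policy

def port_filter_allows(dport):
    """A port-only rule sees the destination port and nothing else."""
    return dport in ALLOWED_PORTS

def classify(payload):
    """Label a flow from the first bytes the client sends."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    match = REQUEST_LINE.match(head[0])
    if not match:
        return "unknown"
    if match.group(1) == b"CONNECT":
        return "connect-tunnel"
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    if headers.get(b"content-type", b"").startswith(MSN_CONTENT_TYPE):
        return "msn-over-http"
    return "http"

def inspect(dport, payload):
    """Return (port-only verdict, content-inspection verdict) for one flow."""
    by_port = port_filter_allows(dport)
    return by_port, by_port and classify(payload) == "http"

# Constructed sample flows, all addressed to TCP port 80.
SAMPLES = {
    "web": b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
    "msn": (b"POST /gateway/gateway.dll?Action=open HTTP/1.1\r\n"
            b"Host: gateway.example.net\r\n"
            b"Content-Type: application/x-msn-messenger\r\n\r\n"),
    "torrent": BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"P" * 20,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify(payload), inspect(80, payload))
```

All three samples pass the port check; only the plain web request passes once the payload is examined. Encrypted traffic on port 443 gives a check like this nothing to read, so that port needs a separate decision.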


