Re: [CentOS] How to block Yahoo, MSN Messenger and Kazaa with IPTABLES




On 11/9/06, Indunil Jayasooriya <indunil75@xxxxxxxxx> wrote:

Hi,

I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as
my local network users always go there.
How can I do it?



Kazaa and other peer-to-peer tools need something like a Layer 7 tool
because they are very closed. Yahoo and MSN can be blocked by
blocking particular IPs/ports. HOWEVER, they all have web clients, so
users can just use a browser instead.

The true fix of this is the following:

1) A clear rule with consequences for using these tools on your
network. E.G. if at a company, they need to register a need to use the
tool, get clearance to use it and then are monitored to use it. People
who do not have a clearance to use it will be detected and disciplined
(fired, demoted, whatever HR says needs to be done).

2) Set up the firewall to block/detect usage of the tools. Make a
daily/weekly report to HR of people abusing the rule.

3) Follow through with step 1. If #1 has no teeth, then you might as
well just hang it up, as the number of ways to get around firewalls
these days is enormous (e.g. if your firewall doesn't block all
outgoing traffic unless approved you are hosed :)).



--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
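
Added example, not part of the original message or the list archive: one way to build the per-user report described in step 2 from iptables LOG output. It assumes the firewall logs matching packets with a hypothetical prefix "IM-BLOCK: " and that the messengers use their default TCP ports (1863 for MSN, 5050 for Yahoo, which the thread does not state); the log lines are constructed.

```python
import re
from collections import Counter

# Assumption: a LOG rule precedes each DROP rule on the gateway, e.g.
#   iptables -A FORWARD -p tcp --dport 1863 -j LOG --log-prefix "IM-BLOCK: "
#   iptables -A FORWARD -p tcp --dport 1863 -j DROP
LOG_PREFIX = "IM-BLOCK: "  # hypothetical prefix chosen for this example
SERVICES = {1863: "MSN Messenger", 5050: "Yahoo Messenger"}  # default ports

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs written by LOG


def parse_line(line):
    """Return (source IP, destination port) for a prefixed line, else None."""
    _, sep, rest = line.partition(LOG_PREFIX)
    if not sep:
        return None  # some other syslog message
    fields = dict(FIELD.findall(rest))
    try:
        return fields["SRC"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # truncated entry or a protocol without ports


def build_report(lines):
    """Count blocked attempts per (source IP, service)."""
    counts = Counter()
    for line in lines:
        hit = parse_line(line)
        if hit:
            src, dport = hit
            counts[(src, SERVICES.get(dport, f"port {dport}"))] += 1
    return counts


def format_report(counts):
    """One row per source and service, busiest first."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return "\n".join(f"{src:<15} {svc:<16} {n}" for (src, svc), n in rows)


# Constructed sample lines in the kernel's LOG-target format.
SAMPLE = [
    "Nov  9 09:14:02 gw kernel: IM-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 ID=4711 DF PROTO=TCP SPT=1045 DPT=1863 WINDOW=65535 SYN URGP=0",
    "Nov  9 09:14:05 gw kernel: IM-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 ID=4712 DF PROTO=TCP SPT=1045 DPT=1863 WINDOW=65535 SYN URGP=0",
    "Nov  9 09:20:41 gw kernel: IM-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=48 TTL=127 ID=99 DF PROTO=TCP SPT=2210 DPT=5050 WINDOW=16384 SYN URGP=0",
    "Nov  9 09:21:00 gw sshd[812]: Accepted publickey for admin from 192.168.1.2",
    "Nov  9 09:22:13 gw kernel: IM-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51",
]

if __name__ == "__main__":
    print(format_report(build_report(SAMPLE)))
```

Source addresses only identify a person if DHCP leases or static assignments are mapped to users for the reporting period.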
