2006/11/9, Indunil Jayasooriya <indunil75@xxxxxxxxx>:
I want to block Yahoo Messenger, MSN Messenger and Kazaa with IPTABLES as my local network users always go there. How can I do it?
Read this howto first... http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

1) Close all traffic (do this locally, or you will not be able to reach your firewall!!):

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

2) Do NAT:

iptables -t nat -A POSTROUTING -s YOUR_NET/YOUR_MASK -j MASQUERADE

3) Accept "syn" packets you need in FORWARD chain. You may need to accept other stuff like icmp, dns, related||established... Ex:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport http -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport https -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p tcp -m tcp --dport domain -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p udp -m udp --dport domain -j ACCEPT
iptables -A FORWARD -s YOUR_NET/YOUR_MASK -p icmp -j ACCEPT

4) Install and configure an HTTP proxy behind your firewall (ex. SQUID), and pay attention to your ACL, an open proxy is very dangerous!!

--
dAm2K, you know I'm there!

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
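A complete script carrying steps 1 to 3 of the reply above through as a default-deny whitelist, added here as an example and not code from the original post. It assumes a constructed layout (LAN 192.168.1.0/24 on eth1, uplink eth0, SSH management from the LAN only) and adds loopback, reply and SSH rules on INPUT/OUTPUT so that step 1's DROP policies do not lock you out of the firewall host; the Squid proxy of step 4 is not covered.

```shell
#!/bin/sh
# Default-deny forwarding firewall with NAT, following the steps in the reply.
# Constructed assumptions: LAN 192.168.1.0/24 on eth1, uplink eth0, management
# by SSH from the LAN only. Run it from the console: the policies drop
# everything until the whitelist below is in place. IPT="echo iptables" gives
# a dry run that only prints the rules.
IPT="${IPT:-iptables}"

build_firewall() {
    lan_net="$1"; lan_if="$2"; wan_if="$3"

    # Step 1: deny by default, then start from empty chains.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    $IPT -F
    $IPT -t nat -F

    # Keep the firewall host itself usable: loopback, replies to its own
    # connections, outbound from the host, and SSH from the LAN only.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$lan_if" -s "$lan_net" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT

    # Step 2: NAT, restricted to traffic from the LAN leaving on the uplink.
    $IPT -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" -j MASQUERADE

    # Step 3: forward replies plus an explicit whitelist of new connections
    # from the LAN. Anything not listed (IM, P2P, ...) hits the DROP policy.
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    for svc in http https domain; do
        $IPT -A FORWARD -i "$lan_if" -s "$lan_net" -p tcp --dport "$svc" \
            -m state --state NEW -j ACCEPT
    done
    $IPT -A FORWARD -i "$lan_if" -s "$lan_net" -p udp --dport domain -j ACCEPT
    $IPT -A FORWARD -i "$lan_if" -s "$lan_net" -p icmp -j ACCEPT
}

# Number of iptables invocations a dry run produces; a quick sanity check
# before applying the ruleset on the real box.
count_rules() {
    ( IPT="echo iptables"; build_firewall "$@" ) | grep -c '^iptables '
}

# Usage: sh firewall.sh 192.168.1.0/24 eth1 eth0
if [ "$#" -eq 3 ]; then
    build_firewall "$@"
fi
```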