> blocking yahoo messenger on iptables is not enough,
> because users will still be able to connect through a
> proxy, you have to block it on the proxy as well.
>

Maybe I'm thinking too simple here, but...

From: http://help.yahoo.com/help/us/mesg/use/use-17.html

<snip>
If you are trying to connect from behind a firewall that doesn't use
proxy servers, Yahoo! Messenger will automatically search the firewall
for an open port, and, if it finds one, use that to connect. If
Messenger is unable to find an open port, ask your System Administrator
to open port 5050 to our Messenger servers, cs1.yahoo.com,
cs2.yahoo.com, and cs3.yahoo.com
<---->
If your Internet connection involves an HTTP proxy, follow these steps
to configure the Messenger to work through your connection:
</snip>

So, if you *don't* want users to connect to Yahoo Messenger, can't you
do:

# If users are NAT-ed
iptables -A FORWARD -d cs1.yahoo.com -j DROP
iptables -A FORWARD -d cs2.yahoo.com -j DROP
iptables -A FORWARD -d cs3.yahoo.com -j DROP

# Via (any ?) proxy
iptables -A OUTPUT -d cs1.yahoo.com -j DROP
iptables -A OUTPUT -d cs2.yahoo.com -j DROP
iptables -A OUTPUT -d cs3.yahoo.com -j DROP

Rob
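
Added example, not part of the original message: a dry-run generator that puts the rules above into one dedicated chain, so they can be flushed and rebuilt when the DNS answers for the Yahoo hosts change (iptables resolves a hostname only once, when the rule is added), with a rate-limited LOG rule ahead of each DROP. The chain name YMSG_BLOCK, the log prefix and the --print switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). It only prints iptables
# commands; review them, then pipe the output to "sh" as root to apply.
# YMSG_BLOCK, the log prefix and --print are names assumed for this example.

# Hosts named in the Yahoo help text quoted in the message.
YMSG_HOSTS="cs1.yahoo.com cs2.yahoo.com cs3.yahoo.com"
YMSG_CHAIN="YMSG_BLOCK"

# Emit commands that (re)build one dedicated chain holding the block rules.
# The chain is created, or flushed if it already exists, so a periodic
# re-run (e.g. from cron) picks up changed DNS answers without duplicates.
ymsg_chain_rules() {
    echo "iptables -N $YMSG_CHAIN 2>/dev/null || iptables -F $YMSG_CHAIN"
    for host in $YMSG_HOSTS; do
        # Rate-limited LOG first, so blocked attempts show up in the kernel log.
        echo "iptables -A $YMSG_CHAIN -d $host -m limit --limit 6/min -j LOG --log-prefix 'YMSG-BLOCK: '"
        echo "iptables -A $YMSG_CHAIN -d $host -j DROP"
    done
}

# Emit commands that hook the chain into FORWARD (NAT-ed clients) and
# OUTPUT (a proxy running on the firewall itself). -C checks whether the
# jump is already present; -I puts it ahead of any existing ACCEPT rules.
ymsg_hook_rules() {
    for hook in FORWARD OUTPUT; do
        echo "iptables -C $hook -j $YMSG_CHAIN 2>/dev/null || iptables -I $hook -j $YMSG_CHAIN"
    done
}

# Full rule set: chain contents first, then the hooks.
ymsg_all_rules() {
    ymsg_chain_rules
    ymsg_hook_rules
}

# Print the commands when called as: sh ymsg-block.sh --print
if [ "${1:-}" = "--print" ]; then
    ymsg_all_rules
fi
```
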