Well,
that is going to be a little rough since most file downloads happen over the
same port as the http traffic (port 80). You could block all ports besides
80, but they'd still be able to download files that were http links. You
might want to look into setting file permissions or doing some kind of
kiosk-mode on your local workstations.
Khanh Tran
Network Operations
Sarah Lawrence College
1
Mead Way
Bronxville, NY 10708
(914) 395-2639
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: Wednesday, February 05, 2003 11:02 AM
To: 'Khanh Tran'
Cc: 'netfilter@lists.netfilter.org'
Subject: RE: Blocking downloadsWhat I want is that clients cannot, let's say with Internet Explorer or Mozzila, download files from the internet, but can browse the internet.-----Original Message-----
From: Khanh Tran [mailto:khanh@slc.edu]
Sent: woensdag 5 februari 2003 16:45
To: 'ASC - Ronald Roeleveld'; 'netfilter@lists.netfilter.org'
Subject: RE: Blocking downloadsYou can very easily block certain clients based on either MAC address and/or IP address. As for the ports, well that depends on the application you want to block (ie. FTP, Kazaa, web, NNTP, etc).Khanh Tran
Network Operations
Sarah Lawrence College-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: Wednesday, February 05, 2003 10:38 AM
To: 'netfilter@lists.netfilter.org'
Subject: Blocking downloadsHey everyone,Since I want to spare my download speed, and dont want clients to download freaking warez, would it be possible to block downloads with iptables for certain clients???And if it's possible which ports need to closed?Thanks in advance,Ronald Roeleveld
System AdministratorASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl, Website: http://www.ascinternational.nl
