Re: MSN and Yahoo Block through IPTABLES

On Thu, 2003-06-26 at 09:40, Joel Newkirk wrote:
> On Wed, 2003-06-25 at 06:23, Asim Ejaz Butt wrote:
> > Hello Gurus,
> 
> As David Busby pointed out, you are probably better off with DROP
> policies, and ACCEPT only desired/required traffic.
> 
> > I am trying to block MSN and Yahoo Instant Messengers with my LAN using
> > IPTABLES. The following commands are used to block them, but they are unsuccessful.
> > 
> >  /sbin/iptables -A FORWARD -p tcp -s 192.168.5.85 --dport 1863 -j REJECT
> >  /sbin/iptables -A FORWARD -p tcp -s 192.168.5.85 -d 64.4.0.0/18 -j REJECT
> 
> DROP port 1863 should be sufficient to prevent MSN clients from logging
> on to MSN messenger, IIRC.  (My only use of MSN is with Gaim under
> Linux, and 1863 is the only port I need to open for it to connect)
> 
The MSN messenger that comes with XP tries to be clever and 'probes'
your network looking for ways out using SDLP (AFAIR) to try and
autoconfigure itself. As a last resort it will try and tunnel the MSN
traffic through http.

> >  /sbin/iptables -A FORWARD -d cs.yahoo.com -j REJECT
> >  /sbin/iptables -A FORWARD -d scsa.yahoo.com -j REJECT
> 
> Apparently the only way to stop YIM is to block all connections to the
> servers.  The trick here is that there are quite a few more yahoo IM
> servers than these two rules cover...
> 
> /sbin/iptables -A FORWARD -d 63.216.136.22     -j DROP
> /sbin/iptables -A FORWARD -d 66.135.224.142    -j DROP
> /sbin/iptables -A FORWARD -d 66.136.175.132    -j DROP
> /sbin/iptables -A FORWARD -d 66.163.168.105    -j DROP
> /sbin/iptables -A FORWARD -d 66.163.172.117    -j DROP
> /sbin/iptables -A FORWARD -d 66.163.173.76     -j DROP
> /sbin/iptables -A FORWARD -d 66.163.173.77     -j DROP
> /sbin/iptables -A FORWARD -d 66.163.173.78     -j DROP
> /sbin/iptables -A FORWARD -d 66.163.173.203    -j DROP
> /sbin/iptables -A FORWARD -d 66.163.175.128    -j DROP
> /sbin/iptables -A FORWARD -d 66.163.178.78     -j DROP
> /sbin/iptables -A FORWARD -d 204.71.200.36     -j DROP
> /sbin/iptables -A FORWARD -d 204.71.200.37     -j DROP
> /sbin/iptables -A FORWARD -d 204.71.201.134    -j DROP
> /sbin/iptables -A FORWARD -d 204.71.201.141    -j DROP
> /sbin/iptables -A FORWARD -d 216.136.173.172   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.173.179   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.132   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.142   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.143   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.144   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.145   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.145   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.175.226   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.224.134   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.224.142   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.224.213   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.224.213   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.224.214   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.225.12    -j DROP
> /sbin/iptables -A FORWARD -d 216.136.226.117   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.226.118   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.226.209   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.226.210   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.227.168   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.129   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.130   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.131   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.133   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.135   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.148   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.151   -j DROP
> /sbin/iptables -A FORWARD -d 216.136.233.152   -j DROP
> 
> BTW, the two FQDNs you have are NOT (fully) represented in this list, I
> don't know if they need to be or not.  Be aware that scsa.yahoo.com
> actually maps to 8 IPs, so using it the way you do in your rule will NOT
> actually catch all of them.  "dig scsa.yahoo.com" yields:
> 
> scsa.yahoo.com.         1800    IN      CNAME   scs.yahoo.com.
> scs.yahoo.com.          1800    IN      CNAME   scs-fooe.yahoo.com.
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.138
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.148
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.152
> scs-fooe.yahoo.com.     617     IN      A       216.136.226.208
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.133
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.134
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.135
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.137
> 
> 
> 
> > Can anyone help in blocking them through IPTABLES?
> > 
> > Asim Ejaz Butt
> asim.butt@xxxxxxxxxxxxxxxxxxxxxx
> 
> j
> 
> 
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--
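The two practical points in this thread are that a hostname given to `iptables -d` is resolved only once, when the rule is added (so scsa.yahoo.com with its 8 A records needs 8 rules, not one), and that a default-DROP FORWARD policy with explicit ACCEPTs is the more robust approach. The script below is an added example, not code from anyone in this thread: it parses dig-style answer lines into the distinct A-record addresses and emits one DROP rule per address, and prints a default-deny skeleton. The dig answer embedded in `SAMPLE_DIG_ANSWER` is the one quoted above (constructed as inline input so the script runs offline); the ACCEPT rules for the 192.168.5.0/24 LAN are assumed placeholders. Rules are printed rather than applied, so it can be reviewed before being piped into `sh` as root.

```shell
#!/bin/sh
# Added example, not from the thread: generate per-address DROP rules from a
# dig answer, because "-d hostname" is resolved a single time at rule insertion.

# Constructed input: the "dig scsa.yahoo.com" answer quoted in the thread.
# Live use would replace this with:  dig +noall +answer scsa.yahoo.com
SAMPLE_DIG_ANSWER='scsa.yahoo.com.         1800    IN      CNAME   scs.yahoo.com.
scs.yahoo.com.          1800    IN      CNAME   scs-fooe.yahoo.com.
scs-fooe.yahoo.com.     617     IN      A       216.136.233.138
scs-fooe.yahoo.com.     617     IN      A       216.136.233.148
scs-fooe.yahoo.com.     617     IN      A       216.136.233.152
scs-fooe.yahoo.com.     617     IN      A       216.136.226.208
scs-fooe.yahoo.com.     617     IN      A       216.136.233.133
scs-fooe.yahoo.com.     617     IN      A       216.136.233.134
scs-fooe.yahoo.com.     617     IN      A       216.136.233.135
scs-fooe.yahoo.com.     617     IN      A       216.136.233.137'

# Read dig-style answer lines on stdin (name TTL IN TYPE VALUE) and print
# each distinct A-record address once; CNAME hops are skipped.
a_records() {
    awk '$3 == "IN" && $4 == "A" && !seen[$5]++ { print $5 }'
}

# Read one address per line on stdin and emit a FORWARD DROP rule for each.
drop_rules() {
    while read -r ip; do
        printf '/sbin/iptables -A FORWARD -d %s -j DROP\n' "$ip"
    done
}

# Default-deny skeleton suggested in the thread: DROP by policy, then ACCEPT
# only what the LAN needs. The services listed are assumed placeholders.
default_deny_skeleton() {
    cat <<'EOF'
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.5.0/24 -p udp --dport 53 -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.5.0/24 -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.5.0/24 -p tcp --dport 443 -j ACCEPT
EOF
}

# Number of distinct A records in the sample answer.
count_a_records() {
    printf '%s\n' "$SAMPLE_DIG_ANSWER" | a_records | wc -l | tr -d ' '
}

# The DROP rules generated from the sample answer.
rules_from_sample() {
    printf '%s\n' "$SAMPLE_DIG_ANSWER" | a_records | drop_rules
}

# Stand-alone run: print the skeleton followed by the generated DROP rules.
if [ "${1:-}" = "--print" ]; then
    default_deny_skeleton
    rules_from_sample
fi
```

Note that the DROP rules only matter when the FORWARD policy is ACCEPT; with the default-deny skeleton in place they are redundant for the listed addresses, and neither approach stops the XP client's fallback of tunnelling over HTTP if port 80 is accepted for the LAN.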
