Hello, Netfilter is a packet level firewall option, for security you should be using multiple levels. Which means adding more layers, use iptables for packet filtering and then: Exampels: Squid for http application level filtering Frox for FTP application level filtering For https allow connections to only required servers. Michael. On Thu, 10 Jun 2004 14:37:43 -0700 (PDT) SBlaze <dagent.geo@xxxxxxxxx> wrote: > I guess, blocking ports or defining ports to be allowed to users is not > enough. Users are clever and smart from day to day. Once the originial and > standard ports blocked by administrator, they use port forwarding sometimes > to some kind of hosting server or dedicated server, and they still able to do > music streaming. > > If you checkout the greatest site, let say www.shoutcast.com, u can see lots > of stations use port 80, it means connecting to radio stations would be the > same as clients surfing to the web. > > I'm still thinking patch-o-matic STRING would be the best solustion for now .. > > Regards, > Rio Martin. > > Perhaps you missed the rest of my post? I only pointed out the yahoo support > page as a starting point. I wouldn't attack this from a port point of view > becuase that method would be hit and miss. Find where the music comes from and > block the ranges it comes from. I stated examples of this with the Yahoo > LaunchCAST streaming protocol. I don't know the structure of your network so > it is hard for me to say how to find the culprits. I also used a packet > sniffer on my network to find where the service was originalting. Stopping > shoutcast maybe a bit more difficult... I'll look into that as well... > > ===== > In the absence of order there will be chaos. > > > > > __________________________________ > Do you Yahoo!? > Friends. Fun. Try the all-new Yahoo! Messenger. > http://messenger.yahoo.com/ > > > > > -- Michael Gale Network Administrator Utilitran Corporation
