Re: nubee ++ using iptables to block bit torrent ..


 



Gregory Machin wrote:
Hi
I have a routing / firewall box that provides routing for the lan, dmz
some routed vpn, and the internet..

I have been asked to block all traffic going from that lan, then give
limited ip's full access to the internet and others limited access, via
certain ports for say mail and http..

and this seems to be working fine, except that bit torrent and msn
and google talk seem to be slipping by ...

by my understanding everything should be locked down ... apart from
the http/s going via squid, which I'll tackle next ..

That's your problem. MSN, Kazaa, whatever, all tunnel over port 80 if no other means to communicate is found (i.e. direct ports open). You need content inspection to block that.

HTH,
M4
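The difference between port filtering and the content inspection mentioned in the reply above, as an added example that is not part of the original message: a port-only rule accepts anything addressed to port 80, while a check on the first payload bytes separates a real HTTP request from a BitTorrent peer handshake. The allowed port list, function names and sample flows are constructed for illustration.

```python
import re

# A BitTorrent peer handshake starts with the length byte 19 and the protocol name.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
# An HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")

def port_rule_allows(dst_port, allowed=(25, 80, 443)):
    """What a port-only firewall rule sees: the destination port, nothing else."""
    return dst_port in allowed  # allowed ports are an assumption for this example

def classify_payload(payload):
    """Label the first bytes of a TCP stream by content rather than by port."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    m = HTTP_REQUEST.match(payload)
    if m:
        # CONNECT asks for an opaque tunnel; what follows is not HTTP.
        return "http-connect" if m.group(1) == b"CONNECT" else "http"
    return "unknown"

def verdict(dst_port, payload):
    """Port rule first, then a content check on flows claiming to be web traffic."""
    if not port_rule_allows(dst_port):
        return "drop (port)"
    kind = classify_payload(payload)
    if dst_port == 80 and kind != "http":
        return f"drop (content: {kind})"
    return f"accept ({kind})"

# Constructed sample flows: (destination port, first bytes of the stream)
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (80, BT_HANDSHAKE + b"\x00" * 8 + b"A" * 20 + b"B" * 20),
    (6881, BT_HANDSHAKE + b"\x00" * 8 + b"A" * 20 + b"B" * 20),
    (80, b"CONNECT chat.example.net:1863 HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, port_rule_allows(port), verdict(port, data))
```

Traffic that wraps itself in well-formed HTTP requests still classifies as `http` here, so it has to be handled at the proxy by destination or content type.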


