Hi Piyush, Piyush Joshi wrote: > Dear All Expert, > I am new to this list and have a question > regarding netfilter. We are successfully running netfilter and now we > are seeing that some users using malicious tools to go to the internet > by creating https connection to outside proxy and open banned sites, > Is there any patch for iptables to prevent this ?? > Well, considering you cannot inspect the content of an HTTPS connection, the *best* way to do that is to allow HTTPS connection only to websites you know and want to authorize. Your users must use a proxy you control to go on the Internet. Then, you can just filter HTTPS website using a white list of authorized ones. Note that, from the Netfilter point of view, HTTP and HTTPS connections are only seen as TCP connection, no difference is made between them. Regards, Julien > > Thanks Regards > > Piyush Joshi > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
begin:vcard fn:Julien Vehent n:Vehent;Julien email;internet:julien@xxxxxxxxxxxxxx tel;cell:+33 6 23 86 58 73 note;quoted-printable:Linuxwall Root Certificate :=0D=0A= http://www.linuxwall.info/files/ca-linuxwall.crt=0D=0A= =0D=0A= Personal Certificate :=0D=0A= http://www.linuxwall.info/files/JulienVehent.pem x-mozilla-html:FALSE url:http://www.linuxwall.info version:2.1 end:vcard
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
