Hi everyone,
I have blocked outgoing connections using port 443 in my network to
force everyone to use the webproxy. However, some non-http applications
(like ShowMyPC) use port 443 and don't support proxies yet. I've
contacted the software's support to find out which IPs I have to
allow to make the program work properly, but they said they change
their server IPs very often, so they recommend using the domain name to block.
I have read a lot here on the list and in other places that I SHOULD
NOT use domain names in iptables, because it will result in a DNS request
for every packet that reaches that rule.
The question is: is there a way that I can identify only SSL packets
that contain web content, so I can allow those that don't, like the
ShowMyPC packets?
--
*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarneiro@xxxxxxxxxxxxxx
http://www.veltrac.com.br
/Fone Com.: (43)2105-5601/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html