RE: Quick IP Blocking question


 



You can use squid integrated with squidGuard; that is the best option to manage YouTube.

I redirect the requests to a warning webpage when they try to use it during HOO.

Regards

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Greg Folkert
Sent: Friday, March 14, 2014 08:50 a.m.
To: Danny
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Quick IP Blocking question

On Fri, 2014-03-14 at 15:58 +0200, Danny wrote:
> Hi,
> 
> Can you please check if the following rule is correct. The purpose of 
> this rule is to allow only access to youtube from 15:00 to 18:00
> 
> iptables -A OUTPUT -p tcp --dport 80 -d 208.65.153.238 -m time --timestart 15:00 --timeend 18:00 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -d 208.65.153.238 -j REJECT
> 
> How can I modify the above rule to block a specific IP or MAC address 
> from my internal network to access youtube at specific times?
> 
> Thank you guys
> 
> Have a nice day
> 
> Danny
Danny,

I hate to break this to you... but Youtube is served by hundreds of IP Addresses. Depending on time of day, the round robin DNS, the cname rotation and various other things like locations and source network (your ISP). My current list shows a completely different set of IP Addresses that even is close your IP Address here at home (173.194.46.32-46), at Work I get a different set (74.125.225.192-206).

If you are going to do that properly, you'll need to use either transparent proxy or force the browsers to use something like squid and then use name based ACLs with the time restrictions.

Good Luck.
--
greg folkert - systems administration and support
web:    donor.com
email:  greg@xxxxxxxxx
phone:  877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)

"There's something to be said in favor of working in isolation in the real world."
    -- A. R. Ammons

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
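
The name-based ACLs with time restrictions suggested in this thread could look like this in squid.conf. This is an added example, not from any poster; the domain list, the client address 192.0.2.25, the MAC address, the 15:00-16:30 window for that client and the warning-page URL are all assumptions.

```conf
# Added example (constructed values). Place these lines ABOVE the general
# "http_access allow localnet" rule: the first matching http_access line wins.

# Match by name, not by IP, so DNS rotation across hundreds of addresses
# does not matter. Domain list is illustrative and not exhaustive.
acl video_sites dstdomain .youtube.com .googlevideo.com .ytimg.com

# The window from the original question: video allowed 15:00-18:00 only.
acl video_hours time 15:00-18:00

# One specific internal client (documentation address, placeholder).
acl restricted_pc src 192.0.2.25
# MAC-based alternative; needs a Squid build with ARP/EUI ACL support and
# only works for clients on the same subnet as the proxy:
# acl restricted_pc arp 00:00:5e:00:53:01

# Extra window in which that one client is blocked even though
# video_hours would otherwise permit it (placeholder times).
acl pc_block_hours time 15:00-16:30

# Per-client block. video_sites is listed last on purpose: deny_info is
# selected by the LAST ACL on the http_access line that denied the request.
http_access deny restricted_pc pc_block_hours video_sites

# Everyone: deny the video domains outside the permitted window.
# Using "deny ... !video_hours" instead of an "allow" line means requests
# inside the window still fall through to the normal access rules below,
# so this never grants access to a client the proxy would otherwise refuse.
http_access deny !video_hours video_sites

# Redirect denied video requests to a warning page (placeholder URL).
deny_info http://intranet.example/video-blocked.html video_sites

# Coverage notes:
# - Clients configured to use the proxy explicitly send "CONNECT host:443",
#   so dstdomain also matches HTTPS requests by name.
# - With transparent interception of port 80 only, HTTPS traffic never
#   reaches Squid and is not covered by these rules.
# - Clients must not be able to bypass the proxy: the firewall should drop
#   direct outbound web traffic from the internal network.
```

After editing, `squid -k parse` checks the configuration for syntax errors and `squid -k reconfigure` applies it.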




