On Mon, Mar 31, 2008 at 12:09 PM, Anil Saini <anil.pilani@xxxxxxxxx> wrote:
> how can i block port 443 for all sites except gmail and gtalk
> i tried
> acl https url_regex -i www.gmail.com
> https_access https allow
> https_access deny all
>
> but it is not working
> is it correct....
>

=======> You can do it with IPtables:

Testing
###############

[root@~]# telnet hotmail.com 443
Trying 64.4.32.7...
Connected to hotmail.com (64.4.32.7).
Escape character is '^]'.
quit

[root@ ~]# iptables -I OUTPUT -d hotmail.com -p tcp --dport 443 -j DROP
[root@ ~]# telnet hotmail.com 443
Trying 64.4.32.7...

[root@ ~]# telnet gmail.com 443
Trying 64.233.161.83...
Connected to gmail.com (64.233.161.83).
Escape character is '^]'.
quit
Connection closed by foreign host.
[root@ ~]#

So, in your case the following rules should work:

### First allow ###
/sbin/iptables -I OUTPUT -d gmail.com -p tcp --dport 443 -j ACCEPT
/sbin/iptables -I OUTPUT -d <GTALK IP > -p tcp --dport 443 -j ACCEPT

### Then Deny ###
# -A appends the DROP after the ACCEPT rules; -I would insert it above them
/sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP
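
Rule order decides the outcome of an allow-then-deny set: `-I` with no rule number inserts at the top of the chain, `-A` appends, and a packet takes the first rule that matches. The following is an added example, not part of the original message; it models that ordering in plain shell (no iptables or root needed), and the addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Model of iptables rule ordering. Assumptions: every rule is a tcp/443 rule,
# only -d and -j are inspected, and the chain policy is ACCEPT.
NL='
'
GMAIL=192.0.2.10    # constructed stand-in for one resolved gmail.com address
OTHER=198.51.100.7  # constructed stand-in for any other HTTPS site

# build_chain: read iptables commands on stdin, print the resulting chain
# as "<dest> <target>" lines, top rule first. -I inserts at 1, -A appends.
build_chain() {
    chain=""
    while read -r cmd op chn rest; do
        dest=any; target=""
        set -- $rest
        while [ $# -gt 1 ]; do
            case $1 in
                -d) dest=$2 ;;
                -j) target=$2 ;;
            esac
            shift 2
        done
        case $op in
            -I) chain="$dest $target${chain:+$NL$chain}" ;;
            -A) chain="${chain:+$chain$NL}$dest $target" ;;
        esac
    done
    printf '%s\n' "$chain"
}

# verdict DEST: first-match walk of a chain read from stdin.
verdict() {
    while read -r dest target; do
        if [ "$dest" = any ] || [ "$dest" = "$1" ]; then
            echo "$target"; return 0
        fi
    done
    echo ACCEPT  # no rule matched: the chain policy applies
}

# rules DROP_OP: the ACCEPT is added with -I, the catch-all DROP with $1.
rules() {
    printf '%s\n' "iptables -I OUTPUT -d $GMAIL -p tcp --dport 443 -j ACCEPT" \
                  "iptables $1 OUTPUT -p tcp --dport 443 -j DROP" | build_chain
}
echo "DROP via -I, gmail: $(rules -I | verdict "$GMAIL")"
echo "DROP via -A, gmail: $(rules -A | verdict "$GMAIL")"
echo "DROP via -A, other: $(rules -A | verdict "$OTHER")"
```

On a live host, `iptables -L OUTPUT -n --line-numbers` shows the real order of the chain.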