opie at 817west.com
Thu Dec 23 17:13:51 CET 2004
On Thu, 2004-12-23 at 10:13, Askar wrote:
> Hey, here is a quick question. Let's suppose I drop MSN with the rule below:
> #iptables -A FORWARD -p tcp --dport 1863 -j DROP
> But it's not enough: if 1863 is blocked, it tries to use port 80.
> Any workaround?
The "proper" way to do this is to block "--dport 1863" in your firewall
rules, and also REDIRECT port 80 traffic to a transparent HTTP proxy
(like squid), and use ACLs in the proxy to block access to:
If you want to do this with just IP filtering, you could try blocking
port 80 access to 220.127.116.11, which is what that FQDN currently
resolves to--but this solution is kludgy and requires that you keep up
with the IP address(es) constantly.
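The two approaches from the reply, written out as an added example (not code from the original thread): drop the direct port, push LAN HTTP through a transparent squid whose ACL denies the messenger host, and the IP-based fallback. It assumes the LAN interface is eth1, squid listens on 3128 in transparent/intercept mode, and uses a placeholder for the messenger FQDN, which the post does not give.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: LAN side is eth1,
# squid listens on 3128 and is already set up as a transparent proxy, and
# MSN_FQDN is a placeholder for the messenger gateway name (not on the page).
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3128}"
MSN_FQDN="${MSN_FQDN:-MSN_GATEWAY_FQDN_PLACEHOLDER}"

# Firewall half: drop the native MSN port, then send all LAN port-80
# traffic to the local squid so the HTTP fallback is seen by the proxy.
msn_block_rules() {
    printf '%s\n' \
      "iptables -A FORWARD -i $LAN_IF -p tcp --dport 1863 -j DROP" \
      "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
}

# Proxy half: squid.conf fragment; place it before any http_access allow line.
msn_squid_acl() {
    printf '%s\n' \
      "acl msn_gateway dstdomain $MSN_FQDN" \
      "http_access deny msn_gateway"
}

# The "kludgy" pure-filtering alternative from the reply: block port 80 to the
# address the FQDN resolved to at the time (220.127.116.11). It breaks as soon
# as that address changes, which is why the proxy ACL is preferred.
msn_ip_block_rule() {
    printf '%s\n' \
      "iptables -A FORWARD -i $LAN_IF -p tcp -d 220.127.116.11 --dport 80 -j DROP"
}

# Executes the firewall rules; refuses to run without root and iptables.
apply_msn_block() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables >/dev/null 2>&1; then
        echo "apply_msn_block: needs root and iptables" >&2
        return 1
    fi
    msn_block_rules | sh -e
}

if [ "${1:-}" = "apply" ]; then
    apply_msn_block
fi
```

Run with `apply` as root to install the iptables rules; append the output of `msn_squid_acl` to squid.conf by hand and reload squid.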