blocking msn
Jason Opperisano
opie at 817west.com
Thu Dec 23 17:13:51 CET 2004
On Thu, 2004-12-23 at 10:13, Askar wrote:
> hey, here is a quick question: let's suppose I drop MSN with the below rule
>
> #iptables -A FORWARD -p tcp --dport 1863 -j DROP
>
> but it's not enough; if 1863 is blocked it tries to use port 80.
>
> any workaround?
> regards

the "proper" way to do this, is to block "--dport 1863" in your firewall
rules, and also REDIRECT port 80 traffic to a transparent HTTP proxy
(like squid), and use ACLs in the proxy to block access to:

http://gateway.messenger.hotmail.com/gateway/gateway.dll

if you want to do this with just IP filtering, you could try blocking
port 80 access to 207.46.104.20, which is what that FQDN currently
resolves to--but this solution is kludgey and requires that you keep up
with the IP address(es) constantly.

-j

--
"I have been shot eight times this year, and as a result, I almost
missed work."
--The Simpsons
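
The setup described in the reply above, as an added example that is not part of the original post: a script that prints the two firewall rules and the matching Squid ACL. The interface name `eth1`, the intercept port 3129, Squid running on the firewall host itself, the `http_port ... intercept` syntax of current Squid releases, and the ACL name `msn_gateway` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: LAN side is eth1, Squid runs on this firewall host and
# accepts intercepted traffic on port 3129 (current Squid syntax).
LAN_IF="${LAN_IF:-eth1}"
PROXY_PORT="${PROXY_PORT:-3129}"
MSN_PORT=1863
MSN_GATEWAY_URL='http://gateway.messenger.hotmail.com/gateway/gateway.dll'

# Print the iptables commands: drop native MSN traffic, and hand all
# forwarded LAN HTTP to the local proxy so the fallback can be filtered.
fw_rules() {
    printf '%s\n' \
        "iptables -A FORWARD -p tcp --dport $MSN_PORT -j DROP" \
        "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
}

# Turn a literal URL into an anchored regex: escape the dots so that
# "gateway.dll" cannot match e.g. "gatewayXdll".
url_to_regex() {
    printf '^%s' "$1" | sed 's/\./\\./g'
}

# Print the squid.conf lines. The deny line must come before any
# "http_access allow" line, because Squid stops at the first match.
squid_acl() {
    printf 'http_port %s intercept\n' "$PROXY_PORT"
    printf 'acl msn_gateway url_regex -i %s\n' "$(url_to_regex "$MSN_GATEWAY_URL")"
    printf 'http_access deny msn_gateway\n'
}

# "apply" executes the firewall rules (needs root); default is a dry run
# that prints both the rules and the squid.conf fragment for review.
case "${1:-}" in
    apply) fw_rules | sh -e ;;
    *)     fw_rules; squid_acl ;;
esac
```

Matching on the URL in the proxy keeps working when the gateway's address changes, which is the drawback the reply notes for the IP-only rule.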