Block proxy use.
Jason Opperisano
opie at 817west.com
Mon Nov 22 17:01:26 CET 2004
On Mon, Nov 22, 2004 at 02:49:30PM +0100, Stian B. Barmen wrote:
> Is there some kind of filter for netfilter that can block access to
> anonymous proxies? The problem I often face is that the most advanced
> users always can work around the firewall by using proxies.
>
> I know that I could run a proxy myself but this is not exactly what I
> want. The best would be if there could be a filter similar to ipp2p
> which would check for a "proxy signature" and block those
> communications.

best option: run squid, transparently proxy connections to it, block
access to remote proxies by category with squidGuard and a decent
blacklist; or, by restricting HTTP CONNECT method.

sub-optimal options:

create a list of known remote proxies and block access to them via IP
address in netfilter or by black-holing the domains in your DNS server.

use something like l7filter (which i have zero experience with) to block
HTTP CONNECT requests. note that this method is powerless against
remote proxies that use SSL.

-j

--
"Lisa, Vampires are make-believe, like elves, gremlins, and Eskimos."
--The Simpsons
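
The "best option" from the reply above, sketched as a squid.conf fragment. This is an added example, not part of the original post or of any poster's configuration; the ports, interface name, LAN range and squidGuard paths are assumptions, and the directive names follow Squid 3.1 or later.

```conf
# Added illustration, not from the original thread.
# Assumed: Squid 3.1+ directive names, LAN 192.168.0.0/24 behind eth1,
# squidGuard installed at the paths shown below.
#
# Port-80 traffic is handed to Squid by a NAT rule on the gateway, e.g.:
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 3129

http_port 3128              # explicitly configured browsers
http_port 3129 intercept    # transparently redirected connections

acl localnet  src 192.168.0.0/24
acl Safe_ports port 80 443
acl SSL_ports  port 443
acl CONNECT    method CONNECT

# Only the listed destination ports may be requested through Squid.
http_access deny !Safe_ports

# Restrict the CONNECT method: tunnels are allowed to port 443 only.
http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access deny all

# Category blocking: every request URL is passed to squidGuard, whose own
# configuration file holds the blacklist category for remote proxies.
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 5
```

CONNECT tunnels to port 443 still pass this rule set, so remote proxies reachable over SSL are caught only if the squidGuard blacklist lists them.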