On 19 Nov 2002, at 9:11, Josh Rehman wrote:

> The input chain is for incoming packets. It is unlikely that Kazaa
> clients use a special port - they probably take the first one available,
> just like web clients.
>
> If the client does essentially port scanning (to find a good server
> port), there is little you can do at the iptables level. You will have to
> examine packets to deduce Kazaa-ness. I don't know of a good way to do
> this, but I'd be interested in the solution. Another novel solution
> would be to have a stateful firewall that flags IPs that are trying
> port 1214 and any ports immediately following. The worst that would
> happen there is that legitimate uses of the higher ports will be
> impossible for a single IP until Kazaa is shut down on that IP. I like
> that last solution since it doesn't require knowledge of packet
> contents! But, I wouldn't know how to implement it, and users could get
> around it by specifying a different initial port.
>
Wouldn't it be better if you could block network activities by process (like: block all Kazaa connections to eth0 but allow connections to eth1, or something like that) as well as by connection type, destination, source or whatever? Is there any way to do that?
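
The stateful idea from the quoted message (flag an IP once it tries port 1214, then refuse the ports immediately following) can be modelled as below. This is an added example, not code from the thread; FOLLOW_RANGE, FLAG_TTL, the class name and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KAZAA_PORT = 1214   # default port named in the thread
FOLLOW_RANGE = 16   # assumption: ports above 1214 treated as "immediately following"
FLAG_TTL = 300      # assumption: seconds a flag survives after the last matching attempt


@dataclass
class PortWalkFilter:
    # source IP -> timestamp of its last attempt on 1214 or a following port
    flagged: dict = field(default_factory=dict)

    def decide(self, ts, src, dport):
        """Return 'DROP' or 'ACCEPT' for one outbound connection attempt."""
        last = self.flagged.get(src)
        active = last is not None and ts - last <= FLAG_TTL
        if dport == KAZAA_PORT:
            self.flagged[src] = ts          # first sign: flag the source
            return "DROP"
        if active and KAZAA_PORT < dport <= KAZAA_PORT + FOLLOW_RANGE:
            self.flagged[src] = ts          # still walking upward: refresh the flag
            return "DROP"
        return "ACCEPT"


# Constructed sample events: (seconds, source IP, destination port)
EVENTS = [
    (0,   "192.0.2.10", 80),    # ordinary web traffic
    (1,   "192.0.2.10", 1214),  # tries the default port -> flagged
    (2,   "192.0.2.10", 1215),  # walks to the next port
    (3,   "192.0.2.10", 1216),
    (4,   "192.0.2.20", 1215),  # unflagged host on the same port is untouched
    (5,   "192.0.2.10", 1220),  # legitimate higher-port use, blocked as collateral
    (400, "192.0.2.10", 1215),  # flag has expired once the client went quiet
    (401, "192.0.2.30", 2000),  # different initial port: never flagged
    (402, "192.0.2.30", 2001),
]


def run(events):
    """Feed the events through a fresh filter and return the verdicts in order."""
    f = PortWalkFilter()
    return [f.decide(ts, src, dport) for ts, src, dport in events]


if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run(EVENTS)):
        print(event, verdict)
```

The last three verdicts show both limits named in the quoted message: the collateral block on a flagged IP, and the bypass when the client starts from a port other than 1214.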

