Ohh, that's true, they can still set the proxy on the explorer to the ISP proxy on port 8080, but I configured the Linux box as the default gateway for them all and I blocked the ISP proxy IP. Nobody can get to the internet without passing through my proxy on port 3128 (squid default). I am just wondering, in which order will the iptables rules be matched? About L-7, I can't handle this kind of software, it seems advanced to me, I will study it first.
My next challenge: blocking downloads (.exe, .zip, .rar, audio files, video files). Any hints?

On 3/12/07, Zaid Amireh <[EMAIL PROTECTED]> wrote:
> I have said it before, L-7 filtering, that would give them one hell of
> a time, hehe
>
> Zaid
>
> On 3/12/07, Ala'a Ibrahim <[EMAIL PROTECTED]> wrote:
> > Well, I don't think that there is a possible way to block a service and
> > keep others.
> > Well, for a user the possible way is to connect VNC to another machine
> > outside the network and use it, or tunnel whatever service on whatever
> > port.
> > So I guess what Ahmad has done is enough.
> >
> > On 3/12/07, Zaid Amireh <[EMAIL PROTECTED]> wrote:
> > > they can still tunnel MSN over 80.
> > >
> > > Zaid
> > >
> > > On 3/12/07, Ahmad alsane <[EMAIL PROTECTED]> wrote:
> > > > OK, issue solved (side effect has been treated) with this iptables
> > > > entry
> > > >
> > > > #iptables -N LAN
> > > > #iptables -A INPUT -j LAN
> > > > #iptables -A OUTPUT -j LAN
> > > > #iptables -A FORWARD -j LAN
> > > > #iptables -A RH-Firewall-1-INPUT -j LAN (for redhat only)
> > > > #iptables -A LAN -d login.live.com -p tcp --dport 1863 -j DROP
> > > >
> > > > Any comments?
> > > >
> > > > On 3/12/07, Ammar Ibrahim <[EMAIL PROTECTED]> wrote:
> > > > > On 3/12/07, Ahmad alsane <[EMAIL PROTECTED]> wrote:
> > > > > > Issue completely solved. Here is the scenario:
> > > > > > 1. We connect to the internet through the ISP proxy and that's
> > > > > > why I couldn't block anything when I started - solved by
> > > > > > running squid.
> > > > > > 2. Googling for the MSN Messenger port results in tcp:1863, but
> > > > > > that was useless, no offense - have no idea why. - solved by
> > > > > > blocking login.live.com, but there is a side effect, hotmail
> > > > > > blocked too.
> > > > >
> > > > > That's a bonus, not a side effect ;)
> > > >
> > > > --
> > > > REGARDS.
> > > > Ahmad S. Alsane
> > > > OAK CPA
> > > > KSA - Jeddah
> > > > +966 55 701 3494
> > >
> > > --
> > > ---------------------------
> > > Netiquette -> http://www.dtcc.edu/cs/rfc1855.html
> > > Netiquette Nazi ->
> > > http://redwing.hutman.net/%7Emreed/warriorshtm/netiquettenazi.htm
> > > ---------------------------
> >
> > http://guru.alaa-ibrahim.com/
>
> --
> ---------------------------
> Netiquette -> http://www.dtcc.edu/cs/rfc1855.html
> Netiquette Nazi ->
> http://redwing.hutman.net/%7Emreed/warriorshtm/netiquettenazi.htm
> ---------------------------

--
REGARDS.
Ahmad S. Alsane
OAK CPA
KSA - Jeddah
+966 55 701 3494
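On the rule-ordering question raised at the top of this thread, here is an added example that is not part of any poster's message: a small Python model of how iptables walks a chain top to bottom, stops at the first terminating target, and returns from a user-defined chain such as LAN when nothing in it matches. The catch-all ACCEPT rule and the sample packets are constructed assumptions; real iptables resolves a hostname given to -d into IP addresses when the rule is inserted, while the model just compares the name as a label.

```python
# Added example: a small model of iptables filter-table traversal.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule["match"].items())

def traverse(chains, chain, pkt, trace):
    """Walk one chain top to bottom; None means 'fell off the end, return to caller'."""
    for idx, rule in enumerate(chains[chain], start=1):
        if not matches(rule, pkt):
            continue
        trace.append(f"{chain}#{idx}->{rule['target']}")
        if rule["target"] in TERMINAL:
            return rule["target"]              # first terminating match wins
        result = traverse(chains, rule["target"], pkt, trace)  # jump, e.g. -j LAN
        if result:
            return result
    return None

def verdict(chains, pkt, builtin="FORWARD", policy="ACCEPT"):
    """Return (verdict, trace); the chain policy applies if no rule terminates."""
    trace = []
    return traverse(chains, builtin, pkt, trace) or policy, trace

def build(jump_first):
    """FORWARD chain with the thread's '-j LAN' jump before or after a
    constructed pre-existing catch-all ACCEPT rule (an assumption)."""
    jump = {"match": {}, "target": "LAN"}
    allow = {"match": {}, "target": "ACCEPT"}
    lan = [{"match": {"dst": "login.live.com", "proto": "tcp", "dport": 1863},
            "target": "DROP"}]
    return {"FORWARD": [jump, allow] if jump_first else [allow, jump], "LAN": lan}

# Constructed sample packets.
MSN = {"dst": "login.live.com", "proto": "tcp", "dport": 1863}
WEB = {"dst": "example.org", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for label, chains in (("jump appended after ACCEPT", build(False)),
                          ("jump placed first", build(True))):
        for name, pkt in (("MSN", MSN), ("WEB", WEB)):
            print(label, name, *verdict(chains, pkt))
```

Because -A appends to the end of a chain, a jump added that way is only reached by packets that no earlier rule has already accepted or dropped; `iptables -L -n --line-numbers` shows the actual order on a live box.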

