-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
The idea is to block the login servers. I have this from the LARTC list: - -------- START SNIP -------- This one Blocks AOL IM and ICQ iptables -A FORWARD --dport 5190 -j REJECT iptables -A FORWARD -d login.oscar.aol.com -j REJECT - -------------------------- This one Blocks MSN Messenger iptables -A FORWARD -p TCP --dport 1863 -j REJECT iptables -A FORWARD -d 64.4.13.0/24 -j REJECT - -------- END SNIP -------- Note that the auto config of ICQ (Main -> Preferences -> Connections -> Server -> Auto Configure) sometimes uses other port numbers besides the default (5190). Don't know if those rules efectivelly disables the auto config feature or not. Bye! On Thu, 13 Feb 2003 15:10:29 -0500, Wil McGilvery wrote: >You could try Dans Gaurdian. > >It works with squid and will allow you to controls the sites they go to. > >http://dansguardian.org/ > >You can also limit what files they download by extension if you wish. > >To block access after 6:00 pm you use a cron job to shut down squid/dansguardian. > >As Fredrico said, iptables can be use to block the ports that these messengers use, >but they can still use port 80. > >I don't know how to block by application so I just blocked the domains that these >servers are on. For example I have blocked hotmail and msn messenger, but not msn.com > >(If anyone reading this knows how to block port 80 for msn messenger and not your >browser, I would love to know how). > >HTH > > >Wil McGilvery >Manager, Digital Media > > > >416-744-7191 >416-716-3964 (cell) >1-888-622-3729 >416-744-0406 FAX >www.LynchDigital.com > > >-----Original Message----- >From: Federico Voges [mailto:[EMAIL PROTECTED]] >Sent: Thursday, February 13, 2003 1:41 PM >To: [EMAIL PROTECTED] >Subject: Re: Internet Content Filtering Suggestions > >WARNING: Unsanitized content follows. >On Thu, 13 Feb 2003 11:03:43 -0600, Ben Duncan wrote: > >>Have a client that has about 25 WinSLug Computers. We need to >>implement some sort >>content / virus filtering, as the employees are starting to abuse the >>internet connection. >> >>We need to allow them to access certain web sites, restrict others, >>BLOCK ICQ/AIM, and >>do a "time" (Absolutely NO access to the internet after 6PM). >> >>Now SonicWall seems to be the leading contender here for an appliance >>solution, BUT, they >>want a "subscription" on all of there devices. >> >>Any Suggestion here? NutZwerk Appliance? Cheap PC with linux and some >>sort of easy to use >>admin software? >> >Te most flexible solution is the last: PC + Linux. > >You can use Squid + some extra soft to limit web usage and >netfilter/iptables to block IMs. > >In fact, if you just need ftp/web access you can turn of forwarding at >the gateway and force everyone to go out through Squid (and maybe, a >socks server). > >One caveat: you'll need at least some scripting skills to go this way. > >Another option is to use one of the comercial "out of the box" >solutions. One that looks ok is Astaro Security Linux (www.astaro.com). >It's comercial but you can download the full product iso image to >testing (if you like it, all you need to do is enter de reg key in the >control panel). > >I haven't used it, but appears to be one of the mos t complete and >flexible arround. > >You can also go the LRP style and use one of the many LRP >clones/derivatives. A good start point is http://leaf.sf.net > >Just my $0.02 :) >Federico Voges >Socio gerente > >Intrasoft >Malabia 2137 14 A >(1425) Buenos Aires >Argentina > >Te/Fax: 54-11-4833-5182 >e-mail: [EMAIL PROTECTED] >Web: http://www.intrasoft.com.ar > > > >_______________________________________________ >Linux-users mailing list >[EMAIL PROTECTED] >Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users > >_______________________________________________ >Linux-users mailing list >[EMAIL PROTECTED] >Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users Federico Voges Socio gerente Intrasoft Malabia 2137 14 A (1425) Buenos Aires Argentina Te/Fax: 54-11-4833-5182 e-mail: [EMAIL PROTECTED] Web: http://www.intrasoft.com.ar -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.0 iQA/AwUBPkv+aBRcJRaVKt4XEQIQYwCfTZLuAjTMPpQiDk2aaaMsH+AddskAoMwH nN0ikNVGonjMEKqB1iaTINwm =T0Uu -----END PGP SIGNATURE----- _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
