On Wed, 27 Feb 2002, Rolly Tayabas wrote:
> I just want to ask help from the experts here.. How do
> i block the ports used by MIRC, ICQ, Yahoo and MSN
> Messenger, and similar softwares in my Linux Router
> Project box.
You can take the "fascist" approach using ipchains/iptables:
1. Disable all incoming connections
2. Only allow outing HTTP/HTTPS (port 80 and 443)
3. Since AIM and MSN Messenger can tunnel through
HTTP/HTTPS, block the oscar.aol.com and passport.com
domains. I'm not sure about Yahoo messenger.
4. For those who need to do ssh, telnet, POP3, provide
a separate box that they have to ssh into and from
which they can initiate their ssh, telnet, etc.
Your users may scream as they will not be able to connect to Hotmail,
check their ISP's POP mail, cannot telnet/ssh into other machines, etc.
But it's your company's resources and they should only be able to do
what your company allows them to do. :)
HTH,
G-3
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
