Hi,
I want to block Yahoo Messenger, MSN Messenger and Kazza with IPTABLES, as my local network users always go there. How can I do it?
I am not running iptables as a script, nor have I put anything in my rc.local. Instead, I input the commands and save them using the command below:
/etc/init.d/iptables save
and then I restart it:
/etc/init.d/iptables restart
My box runs CentOS 4.4.
Help needed.
Hi Indunil,
For blocking P2P, you can use IPP2P --> www.ipp2p.org, and you can find the RPMs at http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/ (thanks, Mr. David).
For blocking YM and MSN, it is better to use a combination of iptables and Squid to block the URLs and sites of the YM servers. Regards
----- Original Message -----
From: Indunil Jayasooriya
To: centos@centos.org
Sent: Thursday, November 09, 2006 5:49 PM
Subject: [CentOS] How to block Yahoo , MSN messanger and Kazza with IPTABLES
Hi,
I want to block Yahoo Messenger, MSN Messenger and Kazza with IPTABLES, as my local network users always go there. How can I do it?
I am not running iptables as a script, nor have I put anything in my rc.local. Instead, I input the commands and save them using the command below:
/etc/init.d/iptables save
and then I restart it:
/etc/init.d/iptables restart
My box runs CentOS 4.4.
Help needed.
--
Thank you
Indunil Jayasooriya
emporindo wrote:
Hi Indunil,
For blocking P2P, you can use IPP2P --> www.ipp2p.org, and you can find the RPMs at http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/RPMS/ (thanks, Mr. David).
As to the IPP2P RPM, I have rebuilt it for the latest kernel. I thought no one was using it. :o) Maybe I should start building ipt/kernel modules again. Any suggestions for missing ones? D.
Oh, are you the one that rebuilt it?
I tried it now, but failed to install it. It said a dependency is missing. Then I downloaded that dependency, but I could not install it either.
Anyway, I would like to know the iptables commands to block those. If there are any, please let me know.
Below are the errors I got. My CentOS 4.4 kernel is 2.6.9-42.0.3.EL.
[root@worldnet opt]# rpm -ivh ipp2p-0.8.0-6.el4.hrb.i686.rpm
warning: ipp2p-0.8.0-6.el4.hrb.i686.rpm: V3 DSA signature: NOKEY, key ID 3e6e97c3
error: Failed dependencies:
        kmod-ipp2p = 0.8.0 is needed by ipp2p-0.8.0-6.el4.hrb.i686
Then I tried to install kmod-ipp2p, and I got the error below:
[root@worldnet opt]# rpm -ivh kmod-ipp2p-0.8.0-6.2.6.9_42.0.2.EL.el4.hrb.i686.rpm
warning: kmod-ipp2p-0.8.0-6.2.6.9_42.0.2.EL.el4.hrb.i686.rpm: V3 DSA signature: NOKEY, key ID 3e6e97c3
error: Failed dependencies:
        ipp2p is needed by kmod-ipp2p-0.8.0-6.2.6.9_42.0.2.EL.el4.hrb.i686
On 11/9/06, David Hrbáč hrbac.conf@seznam.cz wrote:
Indunil Jayasooriya wrote:
I see one problem here: the kmod-ipp2p you have is for the 2.6.9-42.0.2.EL kernel, while you have 2.6.9-42.0.3 (a rebuild of the src.rpm against a newer kernel should fix that).
The second "problem" is a circular dependency between ipp2p and kmod-ipp2p, which can be solved easily by installing both packages in one run:
rpm -Uvh kmod-ipp2p ipp2p
Regards,
Ralph
On 11/9/06, Indunil Jayasooriya indunil75@gmail.com wrote:
Kazza and other peer-to-peer tools need something like a Layer 7 tool, because they are very closed. Yahoo and MSN can be blocked by blocking particular IPs/ports. HOWEVER, they all have web clients, so users can just use a browser instead.
The true fix of this is the following:
1) A clear rule with consequences for using these tools on your network. E.g., at a company, users need to register a need to use the tool, get clearance to use it, and are then monitored while using it. People who do not have clearance to use it will be detected and disciplined (fired, demoted, whatever HR says needs to be done).
2) Set up the firewall to block/detect usage of the tools. Make a daily/weekly report to HR of people abusing the rule.
3) Follow through with step 1. If #1 has no teeth, then you might as well just hang it up, as the number of ways to get around firewalls these days is enormous (e.g., if your firewall doesn't block all outgoing traffic unless approved, you are hosed :)).
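As an added example, not part of this thread: a FORWARD rule set for a CentOS gateway that applies the default-deny-outbound advice above, allows only a short list of approved services, and logs and rejects the well-known Yahoo Messenger (5050/tcp) and MSN Messenger (1863/tcp) ports so the hits can feed the report in step 2. The interface, LAN range and approved-service list are assumptions, and, as the post notes, port rules do nothing against the web clients.

```shell
#!/bin/sh
# Constructed example for an iptables gateway. The internal interface and
# LAN range below are assumptions; adjust them for the real network.
LAN_IF=eth1
LAN_NET=192.168.1.0/24

# With DRY_RUN=1 the rules are printed instead of applied, so the set can be
# reviewed (or tested) without touching the running firewall.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

im_rules() {
    ipt -F FORWARD
    ipt -P FORWARD DROP                       # default deny, per step 3 above
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Well-known IM ports: Yahoo Messenger 5050/tcp, MSN Messenger 1863/tcp.
    # Log (rate limited) first, then reject, so each attempt is recorded.
    for p in 5050 1863; do
        ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$p" \
            -m limit --limit 5/min -j LOG --log-prefix "IM-BLOCK: "
        ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$p" -j REJECT
    done
    # Approved outbound services only (assumed: web, mail); anything else
    # falls through to the DROP policy.
    for p in 80 443 25 110; do
        ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$p" \
            -m state --state NEW -j ACCEPT
    done
    ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
}

# Sanity check: number of generated rules that match an IM port
# (one LOG and one REJECT per port, so 4 for the two ports above).
count_im_rules() {
    ( DRY_RUN=1; im_rules ) | grep -cE -- '--dport (5050|1863)'
}
```

Run with `DRY_RUN=1 sh -c '. ./im_rules.sh; im_rules'` to review the generated commands before applying them; once they look right, save with `/etc/init.d/iptables save` as in the original post.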