On Tuesday 11 October 2005 01:18 pm, Steven Vishoot wrote:
> thank you for correcting me, i knew i was kind of in
> the neighborhood and knew it was not that simple since
> a lot of IM programs use different ports. So it might be a
> good idea to know what IM program they are using, would
> you think?

My $.02:

#1. Set up a powerful iptables configuration tool like shorewall (my preferred choice) or fwbuilder and use it to limit all *outbound* traffic to a few ports (80, 443).

#2. Let them go about their business.

#3. Go through the syslog messages (/var/log/messages). You will see all the ports they were trying to IM and fileshare out on, and that were blocked.

#4. Think about what you want to allow. If you *only* want to allow web browsing, set up squid, and drop everything outbound that isn't destined for port 3128 on your squid server.

#5. Squid will generate logs of what websites were visited. Check the logs occasionally.

Email me/list if you need help setting up shorewall/squid. You may want to put the restricted PC in a modified DMZ - shorewall has a special configuration to do exactly what you are asking.
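
Step #3 above, as an added example that is not part of the original message: a shell function that tallies blocked outbound attempts per source host, protocol and destination port. It assumes Shorewall's default log prefix (Shorewall:<chain>:<disposition>:) in front of the kernel's netfilter LOG fields; the sample lines, host name, chain name and addresses are constructed.

```shell
#!/bin/sh
# Summarise blocked outbound traffic from netfilter LOG lines, as written
# to /var/log/messages. Assumes the default "Shorewall:chain:DISPOSITION:"
# log prefix; adjust the pattern if LOGFORMAT was changed.

# Constructed sample input (made-up host name, chain name and addresses).
sample_log() {
cat <<'EOF'
Oct 11 13:20:01 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4021 DF PROTO=TCP SPT=1045 DPT=5190 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 13:20:04 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4022 DF PROTO=TCP SPT=1045 DPT=5190 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 13:20:10 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4023 DF PROTO=TCP SPT=1045 DPT=5190 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 13:21:15 gw sshd[812]: Accepted publickey for admin from 192.168.1.2 port 40022 ssh2
Oct 11 13:22:40 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4100 DF PROTO=TCP SPT=1060 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 11 13:25:02 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.9 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=977 PROTO=UDP SPT=6881 DPT=6881 LEN=38
EOF
}

# blocked_ports FILE   (FILE may be "-" for standard input)
# Prints "count source protocol destination-port", busiest first.
blocked_ports() {
    awk '
    /Shorewall:[^ ]*:(DROP|REJECT):/ {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # ICMP and other port-less protocols carry no DPT and are skipped.
        if (src != "" && dpt != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# With a log file argument, summarise it; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    blocked_ports "$1"
else
    sample_log | blocked_ports -
fi
```

The ports at the top of the list are the ones to weigh up in step #4: leave them blocked, or open them deliberately.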