* Blocking downloads
@ 2003-02-05 15:37 ASC - Ronald Roeleveld
0 siblings, 0 replies; 5+ messages in thread
From: ASC - Ronald Roeleveld @ 2003-02-05 15:37 UTC (permalink / raw)
To: 'netfilter@lists.netfilter.org'
[-- Attachment #1: Type: text/plain, Size: 575 bytes --]
Hey everyone,
Since I want to spare my download speed, and dont want clients to download
freaking warez, would it be possible to block downloads with iptables for
certain clients???
And if it's possible which ports need to closed?
Thanks in advance,
Ronald Roeleveld
System Administrator
ASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl
<mailto:r.roeleveld@ascinternational.nl> , Website:
http://www.ascinternational.nl <http://www.ascinternational.nl/>
[-- Attachment #2: Type: text/html, Size: 1756 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: Blocking downloads
@ 2003-02-05 15:45 Khanh Tran
0 siblings, 0 replies; 5+ messages in thread
From: Khanh Tran @ 2003-02-05 15:45 UTC (permalink / raw)
To: 'ASC - Ronald Roeleveld',
'netfilter@lists.netfilter.org'
[-- Attachment #1: Type: text/plain, Size: 1038 bytes --]
You can very easily block certain clients based on either MAC address and/or
IP address. As for the ports, well that depends on the application you want
to block (ie. FTP, Kazaa, web, NNTP, etc).
Khanh Tran
Network Operations
Sarah Lawrence College
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: Wednesday, February 05, 2003 10:38 AM
To: 'netfilter@lists.netfilter.org'
Subject: Blocking downloads
Hey everyone,
Since I want to spare my download speed, and dont want clients to download
freaking warez, would it be possible to block downloads with iptables for
certain clients???
And if it's possible which ports need to closed?
Thanks in advance,
Ronald Roeleveld
System Administrator
ASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl
<mailto:r.roeleveld@ascinternational.nl> , Website:
http://www.ascinternational.nl <http://www.ascinternational.nl/>
[-- Attachment #2: Type: text/html, Size: 2775 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: Blocking downloads
@ 2003-02-05 16:01 ASC - Ronald Roeleveld
2003-02-05 18:16 ` Craig Davison
0 siblings, 1 reply; 5+ messages in thread
From: ASC - Ronald Roeleveld @ 2003-02-05 16:01 UTC (permalink / raw)
To: 'Khanh Tran'; +Cc: 'netfilter@lists.netfilter.org'
[-- Attachment #1: Type: text/plain, Size: 1385 bytes --]
What I want is that clients cannot, let's say with Internet Explorer or
Mozzila, download files from the internet, but can browse the internet.
-----Original Message-----
From: Khanh Tran [mailto:khanh@slc.edu]
Sent: woensdag 5 februari 2003 16:45
To: 'ASC - Ronald Roeleveld'; 'netfilter@lists.netfilter.org'
Subject: RE: Blocking downloads
You can very easily block certain clients based on either MAC address and/or
IP address. As for the ports, well that depends on the application you want
to block (ie. FTP, Kazaa, web, NNTP, etc).
Khanh Tran
Network Operations
Sarah Lawrence College
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: Wednesday, February 05, 2003 10:38 AM
To: 'netfilter@lists.netfilter.org'
Subject: Blocking downloads
Hey everyone,
Since I want to spare my download speed, and dont want clients to download
freaking warez, would it be possible to block downloads with iptables for
certain clients???
And if it's possible which ports need to closed?
Thanks in advance,
Ronald Roeleveld
System Administrator
ASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl
<mailto:r.roeleveld@ascinternational.nl> , Website:
http://www.ascinternational.nl <http://www.ascinternational.nl/>
[-- Attachment #2: Type: text/html, Size: 3619 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: Blocking downloads
@ 2003-02-05 16:06 Khanh Tran
0 siblings, 0 replies; 5+ messages in thread
From: Khanh Tran @ 2003-02-05 16:06 UTC (permalink / raw)
To: 'ASC - Ronald Roeleveld'; +Cc: 'netfilter@lists.netfilter.org'
[-- Attachment #1: Type: text/plain, Size: 2059 bytes --]
Well, that is going to be a little rough since most file downloads happen
over the same port as the http traffic (port 80). You could block all ports
besides 80, but they'd still be able to download files that were http links.
You might want to look into setting file permissions or doing some kind of
kiosk-mode on your local workstations.
Khanh Tran
Network Operations
Sarah Lawrence College
1 Mead Way
Bronxville, NY 10708
(914) 395-2639
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: Wednesday, February 05, 2003 11:02 AM
To: 'Khanh Tran'
Cc: 'netfilter@lists.netfilter.org'
Subject: RE: Blocking downloads
What I want is that clients cannot, let's say with Internet Explorer or
Mozzila, download files from the internet, but can browse the internet.
-----Original Message-----
From: Khanh Tran [mailto:khanh@slc.edu]
Sent: woensdag 5 februari 2003 16:45
To: 'ASC - Ronald Roeleveld'; 'netfilter@lists.netfilter.org'
Subject: RE: Blocking downloads
You can very easily block certain clients based on either MAC address and/or
IP address. As for the ports, well that depends on the application you want
to block (ie. FTP, Kazaa, web, NNTP, etc).
Khanh Tran
Network Operations
Sarah Lawrence College
-----Original Message-----
From: ASC - Ronald Roeleveld [mailto:r.roeleveld@ascinternational.nl]
Sent: Wednesday, February 05, 2003 10:38 AM
To: 'netfilter@lists.netfilter.org'
Subject: Blocking downloads
Hey everyone,
Since I want to spare my download speed, and dont want clients to download
freaking warez, would it be possible to block downloads with iptables for
certain clients???
And if it's possible which ports need to closed?
Thanks in advance,
Ronald Roeleveld
System Administrator
ASCINTERNATIONAL
Vlietweg 17c, 2266 KA, Leidschendam, The Netherlands
Tel. +31 (0)70 3178400, Fax +31 (0)70 3204760
E-mail: r.roeleveld@ascinternational.nl
<mailto:r.roeleveld@ascinternational.nl> , Website:
http://www.ascinternational.nl <http://www.ascinternational.nl/>
[-- Attachment #2: Type: text/html, Size: 4937 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Blocking downloads
2003-02-05 16:01 Blocking downloads ASC - Ronald Roeleveld
@ 2003-02-05 18:16 ` Craig Davison
0 siblings, 0 replies; 5+ messages in thread
From: Craig Davison @ 2003-02-05 18:16 UTC (permalink / raw)
To: ASC - Ronald Roeleveld; +Cc: netfilter
On Wed, Feb 05, 2003 at 05:01:43PM +0100, ASC - Ronald Roeleveld wrote:
> What I want is that clients cannot, let's say with Internet Explorer or
> Mozzila, download files from the internet, but can browse the internet.
Use a web proxy like Squid to block certain Content-types.
You could limit users to text/plain, text/html and image/*.
I think the configuration directive you want is req_mime_type, but I could
be wrong:
http://squid.visolve.com/squid24s1/access_controls.htm
--
Craig Davison
Symantec Corporation
+1 (403) 213-3939 ext. 228
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2003-02-05 18:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-02-05 16:01 Blocking downloads ASC - Ronald Roeleveld
2003-02-05 18:16 ` Craig Davison
-- strict thread matches above, loose matches on Subject: below --
2003-02-05 16:06 Khanh Tran
2003-02-05 15:45 Khanh Tran
2003-02-05 15:37 ASC - Ronald Roeleveld
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.