Streaming and online radio

Streaming and online radio

[Helder C Souza]

[-- Attachment #1: Type: text/plain, Size: 246 bytes --]

Hello,

There is someway to block acess to online radio ( like Itunes ) and online streaming ( WindowsMedia , Real, etc ).
All this programs can go by 80 port and i can´t figure out how iptables can solve this .
Thanks.

Helder C Souza 


[-- Attachment #2: Type: text/html, Size: 933 bytes --]

Re: Streaming and online radio

[Goetz Bock]

On Mon, Nov 17 '03 at 21:29, Helder C Souza wrote:
> There is someway to block acess to online radio ( like Itunes ) and
> online streaming ( WindowsMedia , Real, etc ).  All this programs can
> go by 80 port and i can´t figure out how iptables can solve this .
Not at all, using netfilter that is.

You need a Level4 filter (there is at last one for 2.4 on sf.net and
this on (or a different one, can't remember) is part of 2.6

or you could deny all destinations that over online radio/streaming.
-- 
/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
\ /                     (c) 2003 as GNU FDL 1.1
 X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]

Re: Streaming and online radio

[Antony Stone]

On Monday 17 November 2003 11:29 pm, Helder C Souza wrote:

> Hello,
>
> There is someway to block acess to online radio ( like Itunes ) and online
> streaming ( WindowsMedia , Real, etc ). All this programs can go by 80 port
> and i can´t figure out how iptables can solve this . Thanks.

Very difficult to use netfilter to block a protocol using port 80, assuming 
that you still want to allow http at the same time.

Netfilter is a packet filter - it can be set to block or allow TCP port 80, 
but it can't tell what sort of commands or responses are being sent on port 
80.   Netfilter looks at OSI layers 3 & 4, but doesn't really know about 
layer 7.

If you really want to control this sort of thing you need an application 
layer filtering system (proxy) such as squid.

Antony.

-- 

Normal people think "if it ain't broke, don't fix it".
Engineers think "if it ain't broke, it doesn't have enough features yet".

                                                     Please reply to the list;
                                                           please don't CC me.

Re: Streaming and online radio

[Goetz Bock]

On Tue, Nov 18 '03 at 01:05, Goetz Bock wrote:
> You need a Level4 filter (there is at last one for 2.4 on sf.net and
> this on (or a different one, can't remember) is part of 2.6

On Tue, Nov 18 '03 at 00:05, Antony Stone wrote:
> Netfilter looks at OSI layers 3 & 4, but doesn't really know about
> layer 7.

Of cause you need a layer, and not level and 7 not 4 filter. Sorry for
my confusion ;-/

Layer7 it is.
-- 
/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
\ /                     (c) 2003 as GNU FDL 1.1
 X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]