* REF: Blocking Yahoo
@ 2006-11-03 6:54 lubasi
From: lubasi @ 2006-11-03 6:54 UTC (permalink / raw)
To: netfilter
Dear All,
I'm new to this list and netfilter as a whole.
I have set up rules on my iptables and when I block Yahoo, only those
using the gaim IM client with Yahoo are blocked, but the native Yahoo IM
client is passing through my firewall. What's wrong with my chains
below? Thank you in advance.
My chains:
# Allow local loopback connections
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Drop packets conntrack considers invalid
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
# Allow all established and related
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow connections to my ISP's DNS servers
/sbin/iptables -A OUTPUT -d [isp dns 1] -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -d [isp dns 2] -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -d [isp dns 1] -m state --state NEW -p udp --dport 53 -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -d [isp dns 2] -m state --state NEW -p udp --dport 53 -i eth1 -o eth0 -j ACCEPT
# Allow mail POP3 and SMTP connections
/sbin/iptables -A OUTPUT -d [isp smtp server] -m state --state NEW -p tcp -m multiport --dport smtp,pop3 -o eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -d [isp pop mail server] -m state --state NEW -p tcp -m multiport --dport smtp,pop3 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -d [isp smtp server] -m state --state NEW -p tcp -m multiport --dport smtp,pop3 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -d [isp pop server] -m state --state NEW -p tcp -m multiport --dport smtp,pop3 -o eth0 -j ACCEPT
# Log all other outgoing connection attempts
/sbin/iptables -A OUTPUT -o [ExternalNET] -j LOG
/sbin/iptables -A FORWARD -j LOG
# NAT
/sbin/iptables -t nat -A POSTROUTING -o [ExternalNET] -j SNAT --to [ExternalNET IP ADDRESS]
# Route all www traffic to port 3128 for http acceleration
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Block Yahoo Messenger
/sbin/iptables -I FORWARD -s MYNETWORK/24 -d 216.155.193.0/22 -j DROP
Kind regards
Teddy L.
------------------------------------------------------
Teddy L. Nyambe
Open Source Zambia
www.opensource.org.zm
+260 97 760473
* Know that today is yesterday's future. Be the change you want to see in the world.
* To Err is Human, but to really mess things up, you need a PC
* RE: Blocking Yahoo
From: Steffen Heil @ 2006-11-03 9:23 UTC (permalink / raw)
To: 'lubasi', netfilter
Hi
> I have set up rules on my iptables and when I block Yahoo,
> only those using the gaim IM client with Yahoo are blocked but
> the native Yahoo IM client is passing through my firewall.
> What's wrong with my chains below? Thank you in advance.
HTTP tunneling?
Watch your squid logs.
Regards,
Steffen
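Checking the squid logs, as Steffen suggests, is the quickest way to confirm the tunnelling hypothesis. The following is an added example, not code from the thread: it parses squid's native access.log format and flags every request whose destination IP (the DIRECT peer, or an IP literal in the URL) falls inside the range the original post blocks. The log lines are constructed for the example; the client addresses stand in for the post's MYNETWORK/24. Note that 216.155.193.0/22 has host bits set, so Python needs strict=False, and iptables likewise masks it to 216.155.192.0/22.

```python
import ipaddress
import re
from typing import Optional

# The range the original post tried to block. strict=False is needed because
# 216.155.193.0/22 has host bits set; iptables masks it to 216.155.192.0/22 as well.
YAHOO_NET = ipaddress.ip_network("216.155.193.0/22", strict=False)

# Squid native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<result>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[^/\s]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Constructed sample lines, not real logs: a normal page load, a CONNECT tunnel into
# the Yahoo range, a plain GET to an IP in that range, and a cache hit with no peer.
SAMPLE_LOG = """\
1162536000.101    245 192.168.1.20 TCP_MISS/200 1534 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1162536002.337   1200 192.168.1.20 TCP_MISS/200 4096 CONNECT 216.155.193.10:443 - DIRECT/216.155.193.10 -
1162536005.502     88 192.168.1.31 TCP_MISS/200 512 GET http://216.155.194.7/notify?x=1 - DIRECT/216.155.194.7 text/plain
1162536007.900     30 192.168.1.20 TCP_HIT/200 900 GET http://www.example.com/style.css - NONE/- text/css
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one native-format access.log line into fields; None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def url_host(url: str) -> str:
    """Host part of a logged URL ('http://h/p', or 'h:port' for CONNECT); port stripped."""
    host = url.split("://", 1)[1] if "://" in url else url
    host = host.split("/", 1)[0]
    return host.rsplit(":", 1)[0] if ":" in host else host


def destination_ip(rec: dict) -> Optional[ipaddress.IPv4Address]:
    """IP squid actually connected to: the DIRECT peer, else an IP literal in the URL."""
    for candidate in (rec["peer"], url_host(rec["url"])):
        try:
            return ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue
    return None


def find_hits(log_text: str, net: ipaddress.IPv4Network) -> list:
    """Records whose destination falls inside `net`, with the client, method and URL."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip = destination_ip(rec)
        if ip is not None and ip in net:
            hits.append({"client": rec["client"], "method": rec["method"],
                         "url": rec["url"], "ip": str(ip)})
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, YAHOO_NET):
        print(f"{hit['client']} {hit['method']} {hit['url']} -> {hit['ip']}")
```

Run it against a real access.log by replacing SAMPLE_LOG with the file contents. A CONNECT or GET from a LAN client to an address in the range, while the FORWARD DROP rule's counters stay at zero, is exactly the signature of traffic reaching Yahoo through the transparent proxy rather than through the FORWARD chain.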
* Re: REF: Blocking Yahoo
From: Jasbir Khehra @ 2006-11-03 14:17 UTC (permalink / raw)
To: lubasi; +Cc: netfilter
lubasi wrote:
>Dear All,
>
>I'm new to this list and netfilter as a whole.
>
>I have set up rules on my iptables and when I block Yahoo, only those
>using the gaim IM client with Yahoo are blocked but the native Yahoo IM
>client is passing through my firewall. What's wrong with my chains
>below? Thank you in advance.
>
>My chains
>
>#Block Yahoo Messenger
>/sbin/iptables -I FORWARD -s MYNETWORK/24 -d 216.155.193.0/22 -j DROP
>
The Yahoo IM protocol can tunnel through port 80; I believe Gaim also has
this feature (tweak the network settings).
IMO the best bet to block Yahoo using netfilter is
l7-filter.sourceforge.net, but this requires a kernel+iptables patch.
HTH,
Jasbir
* Re: REF: Blocking Yahoo
From: Mr. Ritter @ 2006-11-03 15:50 UTC (permalink / raw)
To: lubasi, netfilter
lubasi wrote:
> # Route all www traffic to port 3128 for http acceleration
> /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> #Block Yahoo Messenger
> /sbin/iptables -I FORWARD -s MYNETWORK/24 -d 216.155.193.0/22 -j DROP
How about simply moving the Yahoo block rule above the squid proxy rule,
then you don't have to worry about Yahoo/Gaim using http tunneling.
--
Ritter
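Ritter's ordering point and Jasbir's port-80 observation come down to which chain the packet actually visits. The REDIRECT sits in nat/PREROUTING, which runs before the routing decision; a redirected packet is re-addressed to the router itself and delivered to squid through INPUT, so the DROP in filter/FORWARD never sees it. Putting the Yahoo range ahead of the proxy rule therefore has to happen in the nat table. The following is an added example, not code from the thread or from netfilter: a small model of that traversal order for a new connection's first packet, with the post's two rules and a hypothetical RETURN rule that exempts the range from the REDIRECT so it falls through to FORWARD and is dropped. The LAN addresses and the non-80 port are constructed stand-ins for the post's placeholders.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed values standing in for the placeholders in the original post.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")                     # MYNETWORK/24
ROUTER_LAN_IP = "192.168.1.1"                                        # where REDIRECT delivers packets
YAHOO_NET = ipaddress.ip_network("216.155.193.0/22", strict=False)   # from the post; masked as iptables does
PROXY_PORT = 3128


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_if: str = "eth1"


@dataclass(frozen=True)
class Rule:
    target: str                                    # ACCEPT, DROP, RETURN or REDIRECT
    src: Optional[ipaddress.IPv4Network] = None    # -s
    dst: Optional[ipaddress.IPv4Network] = None    # -d
    dport: Optional[int] = None                    # --dport
    in_if: Optional[str] = None                    # -i
    to_port: Optional[int] = None                  # REDIRECT --to-port

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or ipaddress.ip_address(pkt.src) in self.src)
                and (self.dst is None or ipaddress.ip_address(pkt.dst) in self.dst)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.in_if is None or pkt.in_if == self.in_if))


def walk_chain(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """First matching rule wins; None means the chain fell through to its policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule
    return None


def traverse(nat_prerouting: List[Rule], filter_forward: List[Rule],
             filter_input: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Order a new connection's first packet sees: nat/PREROUTING, then the routing
    decision, then filter/INPUT (local delivery) or filter/FORWARD (transit)."""
    hit = walk_chain(nat_prerouting, pkt)
    if hit is not None and hit.target == "REDIRECT":
        # REDIRECT rewrites the destination to the router itself, so routing picks local delivery.
        pkt = replace(pkt, dst=ROUTER_LAN_IP, dport=hit.to_port)
    chain = "INPUT" if pkt.dst == ROUTER_LAN_IP else "FORWARD"
    verdict = walk_chain(filter_input if chain == "INPUT" else filter_forward, pkt)
    return chain, (verdict.target if verdict else "policy")


# The two rules from the post, as this model expresses them.
REDIRECT_WWW = Rule("REDIRECT", in_if="eth1", dport=80, to_port=PROXY_PORT)
DROP_YAHOO = Rule("DROP", src=LAN_NET, dst=YAHOO_NET)
# Hypothetical fix: exempt the Yahoo range from the proxy redirect so it still reaches FORWARD.
SKIP_YAHOO = Rule("RETURN", in_if="eth1", dst=YAHOO_NET)

# The post's INPUT chain has no rule for new connections to 3128, so the chain policy applies.
ORIGINAL = dict(nat_prerouting=[REDIRECT_WWW], filter_forward=[DROP_YAHOO], filter_input=[])
FIXED = dict(nat_prerouting=[SKIP_YAHOO, REDIRECT_WWW], filter_forward=[DROP_YAHOO], filter_input=[])

# Constructed test traffic: Yahoo over port 80 (tunnelled), Yahoo over some other port, ordinary web.
YAHOO_HTTP = Packet(src="192.168.1.20", dst="216.155.193.10", dport=80)
YAHOO_OTHER = Packet(src="192.168.1.20", dst="216.155.193.10", dport=1234)
PLAIN_WEB = Packet(src="192.168.1.20", dst="93.184.216.34", dport=80)


if __name__ == "__main__":
    for name, tables in (("original", ORIGINAL), ("fixed", FIXED)):
        for pkt in (YAHOO_HTTP, YAHOO_OTHER, PLAIN_WEB):
            print(name, pkt.dst, pkt.dport, "->", traverse(pkt=pkt, **tables))
```

With the original order, the port-80 packet ends in INPUT under the chain policy (squid gets it) while only the non-80 packet reaches the FORWARD DROP, which matches what the poster saw with Gaim versus the native client. In iptables terms the exemption modelled by SKIP_YAHOO is a rule such as `/sbin/iptables -t nat -I PREROUTING -i eth1 -d 216.155.193.0/22 -j RETURN`, inserted ahead of the REDIRECT; ordinary web traffic is still redirected. This only covers destinations in that address range; connections to hosts outside it, or made explicitly through the proxy, need a squid ACL or the protocol matching Jasbir mentions.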