Linux Netfilter discussions
From: "Alexis" <alexis@tpys.com.ar>
To: Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Rules for Blocking Proxies...
Date: Tue, 20 Apr 2004 11:23:48 -0300
Message-ID: <00b901c426e3$a189f0a0$0c00a8c0@pepelui>
In-Reply-To: 200404201453.14678.Antony@Soft-Solutions.co.uk

Besides this, you could remove privileges from the clients, even with an
Active Directory implementation (ajjjj), or I think I saw cybercafe software
that blocks any settings change on the client box.



----- Original Message ----- 
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: "Netfilter" <netfilter@lists.netfilter.org>
Sent: Tuesday, April 20, 2004 10:53 AM
Subject: Re: Rules for Blocking Proxies...


> On Tuesday 20 April 2004 2:35 pm, Alexis wrote:
>
> > set up your own proxy server and only permit connections to this box :)
>
> I must admit I had assumed, when answering this previously, that Harry was
> already running his own proxy, but wanted to stop clients reconfiguring their
> browsers to go direct instead.
>
> If the proxy server is instead on the outside of the network, then the answer
> to the question "how do I stop people changing the browser settings to bypass
> the proxy?" is to allow connections on TCP port 80 to the proxy server only,
> and block all other destination addresses for that port.
>
> Remember of course that you can always do a DNAT rule to send people to the
> proxy address anyway, even if they did decide to go direct - then instead of
> getting a "connection timeout" message they find themselves using the proxy
> even after reconfiguring their browser settings :)
>
> iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to IP.of.pro.xy
>
> Regards,
>
> Antony.
>
> >   Hi All,
> >   I am running Fedora and Redhat 9 on two servers at my Cybercafe,
> > connected on two Hi speed Lines, I have a decent firewall script, but these
> > days I am facing issues about people changing the Proxy settings in order
> > to get thru porn sites, can anybody suggest some rules which I can
> > implement in the script that avoids connection to these servers?
> > Suggestions are welcome.
> >
> >   Regards
> >
> >   Harry
>
> -- 
> The difference between theory and practice is that in theory there is no
> difference, whereas in practice there is.
>
>                                                      Please reply to the list;
>                                                            please don't CC me.
>
>
>


