Linux Netfilter discussions
From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: MSN and Yahoo Block through IPTABLES
Date: 26 Jun 2003 10:36:15 +0200
Message-ID: <1056616575.1782.40.camel@raylinux.internal>
In-Reply-To: <1056613248.1894.18.camel@alpha.newkirk.us>

On Thu, 2003-06-26 at 09:40, Joel Newkirk wrote:
> On Wed, 2003-06-25 at 06:23, Asim Ejaz Butt wrote:
> > Hello Gurus,
> 
> As David Busby pointed out, you are probably better off with DROP
> policies, and ACCEPT only desired/required traffic.
> 
> > I am trying to block MSN and Yahoo Instant Messengers within my LAN using
> > IPTABLES. The following commands are used to block them, but unsuccessfully.
> > 
> >  /sbin/iptables -A FORWARD -p tcp -s 192.168.5.85 --dport 1863 -j REJECT
> >  /sbin/iptables -A FORWARD -p tcp -s 192.168.5.85 -d 64.4.0.0/18 -j REJECT
> 
> DROP port 1863 should be sufficient to prevent MSN clients from logging
> on to MSN messenger, IIRC.  (My only use of MSN is with Gaim under
> Linux, and 1863 is the only port I need to open for it to connect)
> 
The MSN messenger that comes with XP tries to be clever and 'probes'
your network looking for ways out using SDLP (AFAIR) to try and
autoconfigure itself. As a last resort it will try and tunnel the MSN
traffic through http.

> >  /sbin/iptables -A FORWARD -d cs.yahoo.com -j REJECT
> >  /sbin/iptables -A FORWARD -d scsa.yahoo.com -j REJECT
> 
> Apparently the only way to stop YIM is to block all connections to the
> servers.  The trick here is that there are quite a few more yahoo IM
> servers than these two rules cover...
> 
> BTW, the two FQDNs you have are NOT (fully) represented in this list, I
> don't know if they need to be or not.  Be aware that scsa.yahoo.com
> actually maps to 8 IPs, so using it the way you do in your rule will NOT
> actually catch all of them.  "dig scsa.yahoo.com" yields:
> 
> scsa.yahoo.com.         1800    IN      CNAME   scs.yahoo.com.
> scs.yahoo.com.          1800    IN      CNAME   scs-fooe.yahoo.com.
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.138
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.148
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.152
> scs-fooe.yahoo.com.     617     IN      A       216.136.226.208
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.133
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.134
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.135
> scs-fooe.yahoo.com.     617     IN      A       216.136.233.137
> 
> > Anyone help in blocking them through IPTABLES.
> > 
> > Asim Ejaz Butt
> > asim.butt@streaming-networks.com
> 
> j
> 
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--
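Joel's observation that scsa.yahoo.com sits behind a CNAME chain with eight A records is the general problem with `-d hostname` rules: the name is resolved once, when the rule is added, and the address set behind it changes. The script below is an added example, not code from the thread or from netfilter; it assumes `dig +noall +answer <host>` style lines on stdin and only prints the per-address DROP rules for review, applying nothing.

```shell
#!/bin/sh
# Added example, not from the thread. Turns the A records behind a name
# into one explicit DROP rule per address instead of trusting a single
# "-d hostname" rule. The output is a snapshot of the resolution at the
# time it was taken, so regenerate and reload it periodically. Nothing is
# applied here: review the printed rules, then feed them to a shell or a
# rules file.

# Unique IPv4 addresses from A records on stdin. CNAME hops and anything
# that is not a dotted quad are ignored; hand-maintained lists tend to
# repeat addresses, so duplicates are collapsed.
a_records() {
    awk '$4 == "A" && $5 ~ /^[0-9.]+$/ { print $5 }' | LC_ALL=C sort -u
}

# One DROP rule per address on the given chain (default FORWARD).
drop_rules() {
    chain="${1:-FORWARD}"
    a_records | while read -r ip; do
        printf 'iptables -A %s -d %s -j DROP\n' "$chain" "$ip"
    done
}

# Constructed sample input: the dig answer for scsa.yahoo.com as quoted
# in the thread (2003-era addresses, illustrative only).
SAMPLE_DIG='scsa.yahoo.com.         1800    IN      CNAME   scs.yahoo.com.
scs.yahoo.com.          1800    IN      CNAME   scs-fooe.yahoo.com.
scs-fooe.yahoo.com.     617     IN      A       216.136.233.138
scs-fooe.yahoo.com.     617     IN      A       216.136.233.148
scs-fooe.yahoo.com.     617     IN      A       216.136.233.152
scs-fooe.yahoo.com.     617     IN      A       216.136.226.208
scs-fooe.yahoo.com.     617     IN      A       216.136.233.133
scs-fooe.yahoo.com.     617     IN      A       216.136.233.134
scs-fooe.yahoo.com.     617     IN      A       216.136.233.135
scs-fooe.yahoo.com.     617     IN      A       216.136.233.137'

# Stand-alone run: show the rules the sample would produce.
printf '%s\n' "$SAMPLE_DIG" | drop_rules FORWARD
```

For a live name, replace the sample with `dig +noall +answer scsa.yahoo.com | drop_rules FORWARD`; the resulting rules still belong behind a default-DROP FORWARD policy rather than in place of one, as David Busby and Joel recommend above.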


Thread overview: 7+ messages
2003-06-25 10:23 MSN and Yahoo Block through IPTABLES Asim Ejaz Butt
2003-06-25 18:49 ` David Busby
2003-06-26 11:38   ` Asim Ejaz Butt
2003-06-26 16:12     ` Jamie Pratt
2003-06-30 16:35       ` Aaron Sethman
2003-06-26  7:40 ` Joel Newkirk
2003-06-26  8:36   ` Ray Leach [this message]
