Blocking messenger/chat etc with IPTABLES

antonysemion · 05-27-2006, 04:25 AM

Please help me to use IPTABLES
I want to block yahoo messenger,rediffbol,msn messenger, and another popular
messenger. I searched for its ports. But they are using wide range of ports.
We are using private ip. We have to forward all queries (like HTTP, FTP, SMTP, etc) to another machines. How can we do this. I have to block all email queries from our office to yahoo rediff etc. but allow our mail server.

-== Mode Note: Moved from another thread.
Please don't try hijacking threads! ==-

drkstr · 05-28-2006, 02:03 PM

MarleyGPN, glad you got it working.

antonysemion, welcome to LQ!
Please do not post questions not relevant to the thread. You should start your own thread to ask a question or find one that relates specifically to it.

To answer your question, you should set a restrictive iptables ruleset that blocks all traffic except for the ones you want to use. Iptables created its policies in the order you enter them, so would need to do something like this.

Code:

export LAN=eth0 #choose correct net device here

#reject all outgoing traffic from local network 
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j REJECT

#allow forwarding for desired ports
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 --dport 21 -j ACCEPT
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 --dport 25 -j ACCEPT
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 --dport 80 -j ACCEPT

Please note this is not a full iptable ruleset, you will need to add in other stuff for extra security. Try using something like surewall if you are uncomfortable with writing your own iptable rules.

regards,
...drkstr