Restricting MSN Messenger

shahul75 · 09-07-2002, 07:56 AM

Hi I am newbie to Linux...

I am in a process of learning linux myself at home...

I am using Suse 7.0 in one pc and i windoze in another..I use Linux box as gateway for windoze pc. I would like to know how to configure the firwall to restrict the windoze Pc accessing the msn messenger.

Could anybody can help me out to do this.

Thanks :)
shahul

unSpawn · 09-08-2002, 12:17 AM

IIRC, and you could simply Google the 'net for the info, you should block TCP 1863 and range 64.4.13.0/24.

shahul75 · 09-08-2002, 01:47 AM

I tried the below.... But still my msn messenger get working...

Is this what i am asked to do or somewhat else.

# Do you want to autoprotect all global running services?
#
# If set to "yes", all network access to services TCP and UDP on this machine
# which are not bound to a special IP address will be prevented (except to
# those which you explicitly allow, see below: FW_*_SERVICES_*)
# Example: "0.0.0.0:23" would be protected, but "10.0.0.1:53" not.
#
# Choice: "yes" or "no", defaults to "yes"
#
FW_AUTOPROTECT_GLOBAL_SERVICES="yes" # "yes" is a good choice
#Below BA
FW_AUTOPROTECT_GLOBAL_SERVICES_TCP="64.4.13.0/24:1863"

sarin · 09-08-2002, 01:26 PM

I don't know about MSN but yahoo takes a proxy. Make sure that it is not going through proxy
--Sarin

zLinuxz · 09-09-2002, 02:42 AM

just set the highest security for your firewall, and nothing will get through, including MSN,

unSpawn · 09-09-2002, 08:12 AM

Try adding a logging line that will log outgoing traffic and read to what server on what ports its connecting to. If it's using a proxy port it might try to do 64.4.13.0/24:80 or :8080, then just block the range w/o ports.

unSpawn · 09-09-2002, 02:26 PM

Uncomment "FW_CUSTOMRULES", open up the script mentioned there, add, stir, fry.
# Range: 64.4.13.170- 64.4.13.190, hmm, CIDR:
MSNR="64.4.130/255.255.255.224"
MSNP0="1863"
MSNP1="6891:6900"
iptables -A INPUT -b -i eth1 -d localnet -s $MSN --sport $MSNP0 -j DENY -l
iptables -A INPUT -b -i eth1 -d localnet -s $MSN --sport $MSNP1 -j DENY -l

Restart the firewall and see if this blocks. If so remove the "-l" logging param.

shahul75 · 09-10-2002, 01:40 AM

Thanks Unspawn...Its working now

jocast · 03-19-2005, 12:18 PM

does this works for all the network, can i set it for some IPs on my network? Is there any way to restrict only to some users