LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-27-2007, 02:41 AM   #1
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Rep: Reputation: 0
blocking googletalk


Hi,

Iam nixon here.I need to block google talk in my company .my linux running firwall.sh scripts how to set the rules in squid so that i can block google talk
and tell me the procedure where i have to write the rules exactly afterthat what i need to do


Thanks

Nixon.M
 
Old 07-27-2007, 08:12 PM   #2
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197Reputation: 197
http://www.linuxquestions.org/questi...d.php?t=363844
... what you are asking is not simple. The link provides a good discussion of the different approaches.
 
Old 07-30-2007, 02:13 AM   #3
rsean
LQ Newbie
 
Registered: Jun 2007
Posts: 15

Rep: Reputation: 0
1. Setup a content filtering proxy like SafeSquid

2. Allow only proxy to access port 80 & 443 through router. Block all other ports that are not required to be kept open. This will force users to compulsorily use the proxy.

3. Block following URLs on proxy -
talk.google.com
talkx.l.google.com

4. Also block Google Talk User Agent - User-Agent: Google Talk

http://www.safesquid.com/html/viewtopic.php?p=7113
 
Old 07-30-2007, 02:33 AM   #4
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Hai simon,

Iam not clear about the link which u have been provide .please tell me the procedure where need to write the commands in squid and how to write so that its better for me

need two things,



1)how can i block https --sites



2)how can i block google talk please help me on this and please guide me the procedure

Last edited by nixonmohan; 07-30-2007 at 04:25 AM.
 
Old 07-30-2007, 02:35 AM   #5
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Hai simon,

Iam not clear about the link which u have been provide .please tell me the procedure where need to write the commands in squid and how to write so that its better for me
 
Old 07-31-2007, 05:48 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Blocking the addresses rsean mentioned, using Squid, would go like:
Code:
acl gtalk dstdomain .talk.google.com
acl gtalk dstdomain .talkx.l.google.com
http_access deny gtalk
 
Old 08-02-2007, 02:27 AM   #7
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Hi,

I have addes the talk.google.com in to squid.but still iam facing the problem i could not able to block googletalk please help

2)how to write the iptables rule to block the sitelink with corresponding port

3)how to block the https sites
 
Old 08-02-2007, 02:47 AM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by nixonmohan
I have addes the talk.google.com in to squid.but still iam facing the problem i could not able to block googletalk please help
We can't help if we don't kow how they are getting through. Are they getting through Squid? Are they getting around it (getting SNATed, for example)? Have you checked the Squid logs to see if it is indeed blocking requests for the addresses posted by rsean?

Quote:
how to write the iptables rule to block the sitelink with corresponding port
Sitelink? Huh?

Quote:
how to block the https sites
Remove port 443 from your Safe_ports ACL. Comment-out the CONNECT ACL.

Last edited by win32sux; 08-02-2007 at 02:48 AM.
 
Old 08-03-2007, 04:58 AM   #9
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Hi,

Actually we are using port 443 for other sites

So what iam asking you is how can i block the port with corresponding sites(for example:gogletalk.com with port 443)how can i block

1)the main think is how can block the site with corresponding port



2)can you guide how to configure and setup new linux firewall cum proxy server

please help me iam planning to setup new firewall server for my company
 
Old 08-03-2007, 06:37 AM   #10
rsean
LQ Newbie
 
Registered: Jun 2007
Posts: 15

Rep: Reputation: 0
I think you need to go through the link that Simon suggested earlier thoroughly
http://www.linuxquestions.org/questi...d.php?t=363844
 
Old 08-06-2007, 05:45 AM   #11
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
ok thanks,

Can u give me the document for setup the LINUX firewall with proxy server.because

i need to setup one linux firewall in my company i dont know the basic also .please

guide me how to setup the linux firewall cum proxy serverto my comapny
 
Old 08-06-2007, 09:59 PM   #12
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by nixonmohan
what iam asking you is how can i block the port with corresponding sites(for example:gogletalk.com with port 443)how can i block

1)the main think is how can block the site with corresponding port
Just put a port 443 ACL and a destination domain ACL together:
Code:
acl https_sites dstdomain .example.com
acl https_sites dstdomain .example.net
acl https_sites dstdomain .example.org
acl https_port port 443
http_access https_sites https_port deny
In this example, connections to port 443 on those three sites would be banned.
 
Old 08-07-2007, 04:07 AM   #13
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Hi below i have pasted my squid configuation,I have wirtten the squid what u have mentioned but still i cannot able to block googletalk and https://wwwl.meebo.com

Please guide me how to block these link and chat below mentioned please gothrough my squid proxy configuration
thanks




xamples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

#Yahoo MSN AOL Google Chat blocking
#
##### Block AOL, YAHOO MSN Google Talk
acl aolyahoo dstdomain login.oscar.aol.com
acl aolyahoo dstdomain insider.msg.yahoo.com
acl aolyahoo dstdomain pager.yahoo.com
acl aolyahoo dstdomain shttp.msg.yahoo.com
acl aolyahoo dstdomain update.messenger.yahoo.com
acl aolyahoo dstdomain update.pager.yahoo.com
acl aolyahoo dstdomain pgq.yahoo.com
acl aolyahoo dstdomain mtab.games.yahoo.com
acl https_sites dstdomain talk.l.google.com
acl https_sites dstdomain talk.google.com
acl https_sites dstdomain meebo.com
acl aolyahoo dstdomain messenger.com
acl https_port port 5222
acl https_port port 5223
acl https_port port 443
acl site_block url_regex -i chatenabled.mail.google.com
acl site_block url_regex -i talk.google.com
acl site_block url_regex -i meebo.com
acl site_block url_regex -i meeboo.com
acl site_block url_regex -i youtube.com
acl site_block url_regex -i orkut.com
acl site_block url_regex -i naukri.com
acl site_block url_regex -i monster.com
acl site_block url_regex -i monsterindia.com
acl webmsn dstdomain webmessenger.msn.com

##### Mime blocking
##### Blocking reqested mine types
acl mimeblockq req_mime_type ^application/x-msn-messenger$
acl mimeblockq req_mime_type ^app/x-hotbar-xip20$
acl mimeblockq req_mime_type ^application/x-icq$
acl mimeblockq req_mime_type ^.*AIM.*
acl mimeblockq req_mime_type ^application/x-comet-log$
acl mimeblockq req_mime_type ^application/x-pncmd$

##### Blocking sent mime types
acl mimeblockp rep_mime_type ^application/x-msn-messenger$
acl mimeblockp rep_mime_type ^app/x-hotbar-xip20$
acl mimeblockp rep_mime_type ^application/x-icq$
acl mimeblockp rep_mime_type ^.*AIM.*
acl mimeblockp rep_mime_type ^.*AIM/HTTP
acl mimeblockp rep_mime_type ^application/x-comet-log$
acl mimeblockp rep_mime_type ^application/x-pncmd$
#
#end

###### Allow Bernad for MSN ##########
acl bernad src 192.168.0.139/255.255.255.255
acl vandana src 192.168.0.46/255.255.255.255
acl noel1 src 192.168.0.54/255.255.255.255
acl noel src 192.168.0.122/255.255.255.255
acl sudha src 192.168.0.129/255.255.255.255
#acl bernad src 192.168.0.5/255.255.255.255

# And finally deny all other access to this proxy
http_access allow bernad
http_access allow vandana
http_access allow noel1
http_access allow noel
http_access allow sudha
http_access allow localhost
http_access deny webmsn
http_access deny block_port
http_access deny aolyahoo
http_access https_sites https_port deny
http_access deny site_block
http_access deny mimeblockq
http_reply_access deny mimeblockp
http_access allow all

# TAG: http_reply_access
# Allow replies to client ::
requests. This is complementary to http_access.
#
# http_reply_access allow|deny [!] aclname ...
 
Old 08-07-2007, 11:54 PM   #14
nixonmohan
LQ Newbie
 
Registered: Jul 2007
Posts: 16

Original Poster
Rep: Reputation: 0
Hi,

Can guide me how to setup the Linux firwall cum proxy server.I want to setup new firewall in my comapny.pls help on this.otherwise please give me any documents
 
  


Reply

Tags
blocking, google, messenger, talk


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to block all the IM -- skype, googletalk, msn, yahoo, ICQ cksoo Linux - Security 20 10-09-2007 07:08 AM
Block Googletalk and all IM omprakash.nigam Linux - Security 16 05-23-2007 02:51 AM
GoogleTalk command line client introuble Linux - Software 3 11-07-2006 12:53 PM
Jabber/GoogleTALK/iCHAT users... post your account address here bento General 1 03-03-2006 01:37 PM
GoogleTalk srivastava Linux - Software 3 10-23-2005 04:17 AM


All times are GMT -5. The time now is 01:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration