LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-20-2002, 03:04 AM   #1
Nerun
LQ Newbie
 
Registered: Feb 2002
Location: Austria
Distribution: RH7.2, 2.4.17, i686
Posts: 15

Rep: Reputation: 0
content filter on firewall


hi!

i'm searching for a content filter for my firewall; maybe in combination with iptables.

it should be capable to block things like icp, audiogalaxy, kazaa.

thx
 
Old 02-21-2002, 01:16 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807
I've got no idea as to separate contentfilters, but you should be able to block Kazaa and Audiogalaxy because they use std ports.
Iptables has some form of contentfiltering called stringmatching support (IIRC) but that's experimental. Astaro and Suse promote fw packages having "content filtering", but by that they only mean HTTP traffic (using Squid prolly).

Another way I could think of would be to find some form of signature in that traffic, but that'll be hard, because Kazaa doesn't only do mp3, and let Snort block it.

Maybe you should review your fw rules, and only accept traffic for what you would explicitly allow.
 
Old 02-21-2002, 08:29 AM   #3
Nerun
LQ Newbie
 
Registered: Feb 2002
Location: Austria
Distribution: RH7.2, 2.4.17, i686
Posts: 15

Original Poster
Rep: Reputation: 0
first of all: thx.

my firewall is set up in the way, that only explicitly allowed ports are open. nonetheless, sw like icq is able to communicate via (e.g.) port 80. that makes it impossible for me, to disallow icq ...

binary patterns or signatures are interresting, but that's what i actually wanted to ask ... does someone konw something to filter via this criterias ?
 
Old 02-21-2002, 04:24 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807
AFAIK, wouldn't it just be easier to just block access to their server IP addresses with these Icq type apps?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
content filter in postfix jrafalek Linux - Software 0 04-05-2005 04:19 PM
Content Filter for Firefox ubuntu-addict General 5 01-06-2005 01:25 PM
Which Content Filter? jabird Linux - Networking 1 10-11-2004 06:09 PM
Internet content filter Bamse123 Linux - Software 4 12-31-2003 08:33 PM
Sendmail Filter Content Question shelby Linux - Software 1 06-13-2003 04:25 AM


All times are GMT -5. The time now is 07:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration