LinuxQuestions.org


Net_Spy 08-08-2008 10:50 PM

block yahoo/msn messenger using iptables
 
Greetings to all,
I'm using the following script; there is no squid or such thing, I'm using just direct forwarding. Now I want to block MSN Messenger and Yahoo Messenger on my LAN. How do I do it using iptables? Here is the script below.


Code:

#! /bin/sh
#
# Flush all rules and user-defined chains in the filter and nat tables
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
# WAN interface: masquerade LAN traffic behind the eth1 address
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# LAN interface: forward everything that arrives on eth0
iptables --append FORWARD --in-interface eth0 -j ACCEPT
# Connection establishment: allow replies to connections already open
iptables --append FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A INPUT -p tcp --dport 10022 -j ACCEPT
# Enable IP forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
# Allow new TCP connections to the router itself on port 10022
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 10022 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 10022 -j ACCEPT


farslayer 08-08-2008 11:10 PM

Actually, if it were my network I would block EVERYTHING,
then allow only certain protocols such as http, https, smtp, dns, and maybe a few others to exit the network on an as-needed basis.

Letting everything out isn't really a good security practice imho.


These posts are old, so you may want to check if there are new servers as well...
http://lists.netfilter.org/pipermail...er/048925.html
http://lists.netfilter.org/pipermail...ne/045102.html
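
The default-deny approach farslayer describes, as an added example that is not part of the thread: the FORWARD policy is DROP and only the listed ports may leave the LAN, so a messenger client with no matching rule is simply dropped (and logged). Interface names follow the original script; the IPT variable, defaulting to `echo iptables` for a dry run without root, is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny FORWARD chain with an
# explicit allow-list, the approach farslayer describes. Interface names
# follow the original script (eth0 = LAN, eth1 = WAN). IPT defaults to
# "echo iptables" (an assumption of this example) so the rule set can be
# previewed without root; run with IPT=iptables to apply it for real.
IPT="${IPT:-echo iptables}"
LAN=eth0
WAN=eth1

# Services the LAN may reach directly. Anything else (messenger clients
# included) has no matching ACCEPT rule and is dropped by the policy.
ALLOWED_TCP="80 443 25"   # http, https, smtp
ALLOWED_UDP="53"          # dns

apply_rules() {
    $IPT --flush
    $IPT --table nat --flush
    $IPT --delete-chain
    $IPT --table nat --delete-chain
    # Default deny: forwarded packets without an explicit ACCEPT are dropped.
    $IPT --policy FORWARD DROP

    # Masquerade LAN traffic behind the WAN address, as in the original script.
    $IPT --table nat --append POSTROUTING --out-interface "$WAN" -j MASQUERADE

    # Replies to connections that were allowed out.
    $IPT --append FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New outbound connections, one rule per allowed port.
    for port in $ALLOWED_TCP; do
        $IPT --append FORWARD --in-interface "$LAN" --out-interface "$WAN" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    for port in $ALLOWED_UDP; do
        $IPT --append FORWARD --in-interface "$LAN" --out-interface "$WAN" \
            -p udp --dport "$port" -j ACCEPT
    done

    # Log (rate-limited) what the policy drops, so blocked clients show up in syslog.
    $IPT --append FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

apply_rules
if [ "$IPT" = iptables ]; then enable_forwarding; fi
```

Run as-is to print the rules; run with IPT=iptables as root to apply them. A client that falls back to port 80 or 443, or tunnels through a proxy as immortaltechnique notes, still passes this allow-list, so the LOG rule is what tells you what the policy is actually catching.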

immortaltechnique 08-09-2008 03:12 AM

I totally agree with farslayer. There are possibilities of outsiders communicating with your machines from the outside via those enabled ports.

It could be tricky to block such, since one can always tunnel a connection via an anonymous proxy. So leave the really IMPORTANT ports.

