LinuxQuestions.org
Old 08-08-2008, 11:50 PM   #1
Net_Spy
Member
 
Registered: Nov 2006
Posts: 119

block yahoo/msn messenger using iptables


Greetings to all,
I'm using the following script. There is no squid or any such thing; I'm just using direct forwarding. Now I want to block MSN Messenger and Yahoo Messenger on my LAN. How do I do it using iptables? Here is the script below.


Code:
#!/bin/sh
#
# Flush existing rules and delete user-defined chains (filter and nat tables)
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# WAN interface: masquerade traffic leaving via eth1
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

# LAN interface: forward everything arriving on eth0
iptables --append FORWARD --in-interface eth0 -j ACCEPT

# Connection establishment: allow return traffic for established connections
iptables --append FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Accept new TCP connections to port 10022 on the gateway itself
#iptables -A INPUT -p tcp --dport 10022 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 10022 -j ACCEPT
#iptables -A OUTPUT -p tcp --sport 10022 -j ACCEPT
 
Old 08-09-2008, 12:10 AM   #2
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,247
Blog Entries: 5

Actually, if it were my network I would block EVERYTHING,
then allow only certain protocols such as http, https, smtp, dns, and maybe a few others to exit the network on an as-needed basis.

Letting everything out isn't really a good security practice, IMHO.


These posts are old, so you may want to check if there are new servers as well...
http://lists.netfilter.org/pipermail...er/048925.html
http://lists.netfilter.org/pipermail...ne/045102.html
 
Old 08-09-2008, 04:12 AM   #3
immortaltechnique
Member
 
Registered: Oct 2006
Location: Kenya
Distribution: Ubuntu, RHEL, OpenBSD
Posts: 287

I totally agree with farslayer. There are possibilities of outsiders communicating with your machines from the outside via those enabled ports.

It could be tricky to block such, since one can always tunnel a connection via an anonymous proxy. So leave the really IMPORTANT ports.
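The default-deny approach suggested in replies #2 and #3, written out as an added example that is not from any poster in this thread. The interface names and port 10022 come from the original script; the allowlist, the log prefix and the `print`/`check`/`apply` arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: default-deny egress for the eth0 (LAN) -> eth1 (WAN) gateway.
LAN_IF=eth0
WAN_IF=eth1
# proto:port pairs allowed to leave the LAN (assumed list, edit as needed)
ALLOW="tcp:80 tcp:443 tcp:25 udp:53 tcp:53"

# Return 0 if the proto/port pair is on the allowlist, 1 otherwise.
egress_allowed() {
    for entry in $ALLOW; do
        [ "$entry" = "$1:$2" ] && return 0
    done
    return 1
}

# Print an iptables-restore ruleset; this function applies nothing.
build_rules() {
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # FORWARD policy DROP: anything not matched below never leaves the LAN
    echo ":FORWARD DROP [0:0]"
    echo "-A INPUT -p tcp --dport 10022 -m state --state NEW -j ACCEPT"
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for entry in $ALLOW; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p ${entry%%:*} --dport ${entry##*:} -m state --state NEW -j ACCEPT"
    done
    # Log (rate-limited) what is about to hit the DROP policy, e.g. the
    # native messenger ports 1863 (MSN) and 5050 (Yahoo)
    echo "-A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix \"egress-drop: \""
    echo "COMMIT"
}

case "${1:-}" in
    print) build_rules ;;
    check) if egress_allowed "$2" "$3"; then echo allowed; else echo dropped; fi ;;
    apply) build_rules | iptables-restore ;;   # needs root; replaces both tables
esac
```

Run it with `print` to review the ruleset before using `apply`. As reply #3 notes, port filtering does not stop a client that tunnels over a port left open, so the `egress-drop:` log lines only show attempts on blocked ports.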
 
  

