how to block music ports in linux

jorge_ivan · 09-26-2006, 06:38 PM

Hi, I am a network administrator and I would like to know how to block the music ports in a red hat linux server, because some users are using their workstations to listen music on line and using up the network bandwith.
thanks in advance....

pljvaldez · 09-26-2006, 06:49 PM

You can look through this list for audio and video ports to block. Not sure if that will get them all, but it's a start...

amitsharma_26 · 09-27-2006, 10:29 AM

jorge..

Code:

iptables -A INPUT -p tcp -s <client-ip> --dport ! 80 -j LOG
iptables -A INPUT -p tcp -s <client-ip> --dport ! 53 -j LOG

With rule like the above ones you can log all the packets that are not used for browsing & name conversion & further block them to stop unnecesary bandwidth usage. (here i am assuming that you are not providing any other services to your clients; & if you have some other services then you could probably run another rule to bypass those packets as well)

This is basically for montoring about what are the packets are traversing through your firewall.

You got to go through your logs & then make a note of other ports & block them at FORWARD / INPUT (depending on the way your clients are being offered the internet service)

////// · 09-27-2006, 03:14 PM

If you use some IDS like snort inline you could easily drop their authentication packets (if they listen shoutcast or something similiar), just sniff their traffick and write your own drop rule based on those packets.

That way it wouldnt matter what ports or proxies (except encrypted) they are using.

tuxdev · 09-27-2006, 03:26 PM

If your users don't really need sound at all, you can just disable audio support on all your workstations. Might even lead to a better lab/work enviroment.