Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
05-08-2007, 05:10 AM
|
#1
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Rep: 
|
Blocking msn,yahoo,giam,skype etc messanger
Dear All Linux Experts ,
I want to block instant messengers such as msn,yahoo,giam,skype etc
through iptables.
I want to block these IM during office time only(9am to 5 pm) and to specific computer or IP but want to open at 1pm to 2pm (lunch time).
How to put it in cron so that iptables blocks at 9am but open at 1pm automatically.
Please help me.
|
|
|
|
|
05-08-2007, 11:16 PM
|
#2
|
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep: 
|
Note that most of these protocols are port-nimble. The only EFFECTIVE way to block them is to block ALL ports and require all traffic to go through a proxy. AIM is known to support several hundred ports, including ports 80, 110, 443, and others.
You could, however, block the default ports. You don't even need a cron job, iptables can use time as a criteria for matching, as shown here: http://linuxgazette.net/108/odonovan.html |
|
|
|
|
05-09-2007, 12:14 AM
|
#3
|
|
Member
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222
Rep:
|
Many of these IM programs can be tunneled through an authorized port to bypass restrictions. You may want to look up the Layer7 filtering project to overcome this.
Layer7 filtering takes a peek at the actual data inside a packet and can be used in conjuction with iptables to form policies.
http://l7-filter.sourceforge.net/ |
|
|
|
All times are GMT -5. The time now is 04:16 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
