Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Since Skype is hard to block, can I just block all the ports from internal to external, and then only allow some of the ports, like 25, 110, 143, to access external? That way I can prevent users from using Skype and BitTorrent downloads, and besides that force users to use the proxy server, so that only then can they access the net.
Anyway, will it have any disadvantages?
By the way, if I have blocked all ports (which includes my proxy port 8080), can my users still use my proxy server to surf the net? Or do I need to allow the proxy port in iptables, so that my users can access the internet only with my proxy server?
Quote:
Since Skype is hard to block, can I just block all the ports from internal to external, and then only allow some of the ports, like 25, 110, 143, to access external? That way I can prevent users from using Skype and BitTorrent downloads, and besides that force users to use the proxy server, so that only then can they access the net.
Yes, you can do that. The commands in my last post allow the clients to start outgoing connections to ports 25, 110, and 8080. I don't know if it'll stop Skype and/or BitTorrent, though.
Quote:
Anyway, will it have any disadvantages?
By the way, if I have blocked all ports (which includes my proxy port 8080), can my users still use my proxy server to surf the net? Or do I need to allow the proxy port in iptables, so that my users can access the internet only with my proxy server?
Yes, you can simply disable forwarding and require all users to connect to the proxy. The advantage to this is you pretty much get to control all their access via proxy ACLs. I don't know if it will stop Skype, though. I mean, AFAIK Skype will indeed work through a proxy.
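The setup discussed in this thread, written out as a ruleset. This is an added example, not part of any post above and not the commands the reply refers to. It assumes the proxy runs on the gateway itself, so client traffic to port 8080 arrives on the INPUT chain rather than FORWARD; the interface name `eth1`, the subnet `192.168.1.0/24` and the function name `gen_rules` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values; adjust to your network.
LAN_IF="${LAN_IF:-eth1}"                # assumed: interface facing internal clients
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumed: internal subnet
PROXY_PORT="${PROXY_PORT:-8080}"        # proxy port named in the thread
MAIL_PORTS="${MAIL_PORTS:-25,110,143}"  # ports the poster wants to let out

# Print an iptables-restore ruleset on stdout. Nothing is applied here.
gen_rules() {
    # Accept only digits (and commas) in port values so a bad value
    # cannot inject extra rule text into the generated ruleset.
    case "$PROXY_PORT" in ''|*[!0-9]*) echo "bad PROXY_PORT" >&2; return 1 ;; esac
    case "$MAIL_PORTS" in ''|*[!0-9,]*) echo "bad MAIL_PORTS" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Clients reach the proxy on the gateway: this is INPUT, not FORWARD.
# With an INPUT policy of DROP the proxy port must be opened explicitly.
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the listed mail ports are routed straight through to the outside.
-A FORWARD -i $LAN_IF -s $LAN_NET -p tcp -m multiport --dports $MAIL_PORTS -m conntrack --ctstate NEW -j ACCEPT
# Everything else from the LAN hits the DROP policy; log it at a limited rate.
-A FORWARD -i $LAN_IF -m limit --limit 6/min -j LOG --log-prefix "egress-denied: "
COMMIT
EOF
}
# DNS (port 53) is not forwarded by these rules, so mail clients need a
# resolver they can reach on the LAN.
```

As root, `gen_rules | iptables-restore --test` parses the ruleset without loading it. Because the INPUT policy is DROP, add a rule for your own management access before loading it for real.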