Dear All
I'm a newbie and i don't have ip-tables experince also.
So,i would like to know how to use IPTables to block some Chat Software like a Yahoo MSG,MSN,IRC and also with a Sharing files like a Napster,P2P

Could you give a suggestion to me to blocking its?

Thankz

/me hands you scissors for your internet cable.
Yep.. that should do it. :-D

Ah, File Sharing programs should be easy, and hard to block. As they usualy use a standard port or two for listening and sending connections and they can be blocked off... As for Chat software.. a lot of its written to try all sorts of ports and work around firewalls and bad internet connections.. so you might not get to block that off..

That means,I can't set a IPTABLES Box to block these chat software,right?
But i heard some linux administrator uses IPTABLES block a Chat software successful.
Anyone give me an ideal??

p2p: http://www.lowth.com/p2pwall/

chat: http://mailman.ds9a.nl/pipermail/lar...q2/003276.html

assuming this is a work environment, that the users aren't supposed to be using chat (and def not p2p) and that they _know_ they shouldn't be using it (i.e you've explicitly told them)......

Warn them once, showing them that you know they've been doing it (i.e firewall logs / whatever), explain why it's not allowed and the consequences.

2nd time, sic the HR drones on them.

(yes, it's harsh but they're adults and know they shouldn't be doing it - your network, your rules.)

I'm with frogman.

Thankz a lot.
I kicked them already

With?
How?

Q. With?
A. Boots.

Q. How?
A. Hard.

(I hope)

cat5 garrotte is always popular - readily available and easily hidden.

thankz all
I kicked them by setting a new user policy in my organization.
If someone broked my policy.
I'll inform to their manager to punish their ass!!
It's work than fight with the computer!
hehe
Thanks a lot guys

Good work.

hehe im sure you´ll be the most popular guy around your work after a while

if i had a irritating networkadmin that wouldn´t allow me to chat and stuff like that i would just encrypt it all, then he can´t say a shit

Spoken like a true co-op student.

Seriously though, P2P apps cost companies quite a bit of time and money both in bandwidth but also in repairing viruses and worse - what happens if your employees accidentally shared confidential files? P2P has it's place for personal computing or perhaps you could make a case for internal file sharing but that's it.

As for 'chat' programs... well... There are legitimate and cost-saving uses for Instant Messaging. I think management fears IM at first because they see it as a time/productivity waster but that's the old-school of thought. The mentality of, "if I don't watch my employees, they'll slack off" is not appropriate for today's world. For the most part, knowledge workers like to work and won't spend all day chatting if management does their job to ensure employees are on track with their tasks. *shrug* Eitherway, it's the companies network, they have the right to make the rules.

oh, if you are irritated with the policy, blame management, not the network admin. He's just doing his job.

<bofh>You don't think he might be curious about the encrypted traffic? A sniffer / software audit would reveal the source, you'd get a bollocking and would have a typewriter for the next month.</bofh>

if you have a 1/2 decent PHB (rare), the network admin usually has final say on what's allowed. (not in the sense that he can ok p2p, but he has some kind of veto on non-essential additional services - since he'll have to maintain it).

We use Jabber internally (quicker than email / messages are logged), but it stops at the internal firewall, partly because it doesn't need to go out, but mostly because we (IT staff) have said it's _not_ going out.

[cue overworked and underpayed rants].