Internet Content Filtering Suggestions

Federico Voges fvoges
Mon May 17 11:44:30 PDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The idea is to block the login servers. I have this from the LARTC
list:

- -------- START SNIP --------
This one Blocks AOL IM and ICQ

iptables -A FORWARD --dport 5190 -j REJECT
iptables -A FORWARD -d login.oscar.aol.com -j REJECT


- --------------------------
This one Blocks MSN Messenger  

iptables -A FORWARD -p TCP --dport 1863 -j REJECT
iptables -A FORWARD -d 64.4.13.0/24 -j REJECT

- -------- END SNIP --------

Note that the auto config of ICQ (Main -> Preferences -> Connections ->
Server -> Auto Configure) sometimes uses other port numbers besides the
default (5190). Don't know if those rules efectivelly disables the auto
config feature or not.

Bye!

On Thu, 13 Feb 2003 15:10:29 -0500, Wil McGilvery wrote:

>You could try Dans Gaurdian.
>
>It works with squid and will allow you to controls the sites they go to.
>
>http://dansguardian.org/
>
>You can also limit what files they download by extension if you wish.
>
>To block access after 6:00 pm you use a cron job to shut down squid/dansguardian.
>
>As Fredrico said, iptables can be use to block the ports that these messengers use, but they can still use port 80. 
>
>I don't know how to block by application so I just blocked the domains that these servers are on. For example I have blocked hotmail and msn messenger, but not msn.com
>
>(If anyone reading this knows how to block port 80 for msn messenger and not your browser, I would love to know how).
>
>HTH
>
>
>Wil McGilvery
>Manager, Digital Media
>
>
>
>416-744-7191
>416-716-3964 (cell)
>1-888-622-3729
>416-744-0406  FAX
>www.LynchDigital.com
>
>
>-----Original Message-----
>From: Federico Voges [mailto:fvoges at intrasoft.com.ar] 
>Sent: Thursday, February 13, 2003 1:41 PM
>To: linux-users at linux-sxs.org
>Subject: Re: Internet Content Filtering Suggestions
>
>WARNING: Unsanitized content follows.
>On Thu, 13 Feb 2003 11:03:43 -0600, Ben Duncan wrote:
>
>>Have a client that has about 25 WinSLug Computers. We need to 
>>implement some sort
>>content / virus filtering, as the employees are starting to abuse the 
>>internet connection.
>>
>>We need to allow them to access certain web sites, restrict others, 
>>BLOCK ICQ/AIM, and
>>do a "time" (Absolutely NO access to the internet after 6PM).
>>
>>Now SonicWall seems to be the leading contender here for an appliance 
>>solution, BUT, they
>>want a "subscription" on all of there devices.
>>
>>Any Suggestion here? NutZwerk Appliance? Cheap PC with linux and some 
>>sort of easy to use
>>admin software?
>>
>Te most flexible solution is the last: PC + Linux.
>
>You can use Squid + some extra soft to limit web usage and
>netfilter/iptables to block IMs.
>
>In fact, if you just need ftp/web access you can turn of forwarding at
>the gateway and force everyone to go out through Squid (and maybe, a
>socks server).
>
>One caveat: you'll need at least some scripting skills to go this way.
>
>Another option is to use one of the comercial "out of the box"
>solutions. One that looks ok is Astaro Security Linux (www.astaro.com).
>It's comercial but you can download the full product iso image to
>testing (if you like it, all you need to do is enter de reg key in the
>control panel).
>
>I haven't used it, but appears to be one of the mos t complete and
>flexible arround.
>
>You can also go the LRP style and use one of the many LRP
>clones/derivatives. A good start point is http://leaf.sf.net
>
>Just my $0.02 :)
>Federico Voges
>Socio gerente
>
>Intrasoft
>Malabia 2137 14 A
>(1425) Buenos Aires
>Argentina
>
>Te/Fax: 54-11-4833-5182
>e-mail: fvoges at intrasoft.com.ar
>Web: http://www.intrasoft.com.ar
>
>
>
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
>
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users

Federico Voges
Socio gerente

Intrasoft
Malabia 2137 14 A
(1425) Buenos Aires
Argentina

Te/Fax: 54-11-4833-5182
e-mail: fvoges at intrasoft.com.ar
Web: http://www.intrasoft.com.ar

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.0

iQA/AwUBPkv+aBRcJRaVKt4XEQIQYwCfTZLuAjTMPpQiDk2aaaMsH+AddskAoMwH
nN0ikNVGonjMEKqB1iaTINwm
=T0Uu
-----END PGP SIGNATURE-----

More information about the Linux-users mailing list