
List:       ipchains-list
Subject:    Re: Filter by host?
From:       "Loren K Louthan" <lorenl () srar ! com>
Date:       2001-02-20 17:06:28

NEVERMIND. Jeeez. You leave out one little "t" ...
It does indeed work as advertised, thank you, John.
-Loren
"Windows 95 is an all-new 32-bit operating
system that will run in 4 MB of memory".
-Bill Gates, May 1995
"Yeah Right" - me, June '95

----- Original Message -----
From: "Loren K Louthan" <lorenl@srar.com>
To: "ipchains" <ipchains-list@east.balius.com>
Sent: Tuesday, February 20, 2001 08:07
Subject: Re: Filter by host?


> Hello all,
>
> I have a similar quest - for yahoo messenger. I tried:
> > /sbin/ipchains -A input -i $internal_interface -s $slacker_ip_range -d
> > $yahoo_msgr_ip -p tcp -y -j DENY -l
> When I run my firewall script with this entry included, I get
> "Try /sbin/ipchains -h or /sbin/ipchains --help for more information"
> I'm running RH6.2, ipchains 1.3.9
>
> -Loren
> "I'm Libertarian. That means the
> Republicans annoy me slightly less than
> the Democrats" - Larry Elder, Nov. 2000
>
> ----- Original Message -----
> From: "John Sage" <jsage@finchhaven.com>
> To: "Tony Karakashian" <TonyK@rochestermidland.com>
> Cc: "ipchains" <ipchains-list@east.balius.com>
> Sent: Monday, February 19, 2001 08:27
> Subject: Re: Filter by host?
>
>
> > Tony:
> >
> > ipchains can DENY or REJECT packets on the basis of interface, the
> > direction a packet is headed on an interface, the source IP, the
> > destination IP, or protocol, or various combinations.
> >
> > It would be possible, on the firewall box, to DENY internally-sourced
> > IP's that had a hotmail destination.
> >
> > It would be possible to DENY from some internal IP's, so management
> > could still have *their* hotmail accounts ;-)
> >
> > The method might be to DENY tcp SYN packets, and thus not let a
> > connection be established:
> >
> > /sbin/ipchains -A input -i $internal_interface -s $slacker_ip_range -d
> > $hotmail_ip -p tcp -y -j DENY -l
> >
> > This says:
> >
> > On the internal interface, append to the input chain a rule for tcp SYN
> > packets with a slacker_ip source and a hotmail_ip destination that
> > DENY's and logs all packets.
> >
> > As usual, there's more than one way to do it...
> >
> > HTH..
> >
> > - John
> >
> > --
> > John Sage
> > FinchHaven, Vashon Island, WA, USA
> > http://www.finchhaven.com/
> > mailto:jsage@finchhaven.com
> > And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"
> >
> > Tony Karakashian wrote:
> >
> > > I've encountered a problem, and I want to see if IPchains is the solution.
> > > The problem is, I've discovered a number of our departments have gotten around
> > > paying for company e-mail by using Hotmail accounts for their users.  More
> > > so than to regain the charge-backs our department's losing, I think a
> > > company that uses a free e-mail service looks cheesy.  So, I'd like to block
> > > access to Hotmail.com.  Is it possible to do so with just IPchains, or
> > > should I look into a filter using Squid or somesuch?  Using this mechanism I
> > > hope to block access to Napster and such, too.
> > >
> > > Thanks,
> > > -T
> > >
> > > ---
> > > Tony Karakashian
> > > Network Manager
> > > Rochester Midland Corporation
> > > 716-336-2314
>
