RE: block msn

RE: block msn

[Anderson, Ray]

[-- Attachment #1: Type: text/plain, Size: 1513 bytes --]

Well, it looks like to me that the source should be 0.0.0.0, or nothing at
all to block all msn on all machines.

-=Ray


-----Original Message-----
From: juanca [mailto:juanca@sat.com.py] 
Sent: Wednesday, July 16, 2003 4:36 AM
To: netfilter@lists.netfilter.org
Subject: block msn


I`ve got this rulset but It doesn`t work what else do I need to add?
All the windows machine work msn, just on linux doesn`t
Any suggetions ?
Thanks in advance

iptables -A FORWARD -s 192.168.0.10 -p TCP --dport 1443:1467 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.33 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.38 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1513:1525 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 66.35.229.204 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 65.54.194.118 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.34 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 208.45.129.195 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.11 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1601:1603 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 64.4.13.0/24 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 64.4.0.0/24 -j REJECT
iptables -A INPUT -p tcp -s 192.168.0.10 -d messenger.microsoft.com -j DROP


[-- Attachment #2: Type: text/html, Size: 2497 bytes --]

RE: block msn

[Rob Sterenborg]

> I`ve got this rulset but It doesn`t work what else do I need to add?
> All the windows machine work msn, just on linux doesn`t
> Any suggetions ?

With these rules I'm successfully blocking MSN usage.

Iptables :

/usr/local/sbin/iptables -A FORWARD -p tcp --dport 1863 -j REJECT
--reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.104.20 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.110.35 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.110.41 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.110.43 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.110.48 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.110.49 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.46.110.254 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.68.171.247 -p tcp --dport 80
-j REJECT --reject-with tcp-reset
/usr/local/sbin/iptables -A FORWARD -d 207.68.178.239 -p tcp --dport 80
-j REJECT --reject-with tcp-reset

Squid :

# Deny MSN access to servers
acl MSN_Servers dst 207.46.104.20
acl MSN_Servers dst 207.46.110.35
acl MSN_Servers dst 207.46.110.41
acl MSN_Servers dst 207.46.110.43
acl MSN_Servers dst 207.46.110.48
acl MSN_Servers dst 207.46.110.49
acl MSN_Servers dst 207.46.110.254
acl MSN_Servers dst 207.68.171.247
acl MSN_Servers dst 207.68.178.239
http_access deny MSN_Servers

I don't know if the serverlist is complete, but at the moment it works
for me.


--
Rob

RE: block msn

[George Vieira]

Another one... Use TCPDUMP and see where there're coming from.

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 

-----Original Message-----
From: juanca [mailto:juanca@sat.com.py]
Sent: Wednesday, July 16, 2003 9:36 PM
To: netfilter@lists.netfilter.org
Subject: block msn 


I`ve got this rulset but It doesn`t work what else do I need to add?
All the windows machine work msn, just on linux doesn`t
Any suggetions ?
Thanks in advance

iptables -A FORWARD -s 192.168.0.10 -p TCP --dport 1443:1467 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.33 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.38 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1513:1525 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 66.35.229.204 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 65.54.194.118 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.34 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 208.45.129.195 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.11 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1601:1603 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 64.4.13.0/24 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 64.4.0.0/24 -j REJECT
iptables -A INPUT -p tcp -s 192.168.0.10 -d messenger.microsoft.com -j DROP

Re: block msn

[Ray Leach]

[-- Attachment #1: Type: text/plain, Size: 1868 bytes --]

The msn clients with winblows xp also 'tunnel' via your proxy if they
can't get out via the normal methods. You need to block the msn mime
types.

With ip tables I think you could probably use a string match for
'x-msn-messenger' (if that's the mime type).

Ray

On Wed, 2003-07-16 at 13:36, juanca wrote:
> I`ve got this rulset but It doesn`t work what else do I need to add?
> All the windows machine work msn, just on linux doesn`t
> Any suggetions ?
> Thanks in advance
> 
> iptables -A FORWARD -s 192.168.0.10 -p TCP --dport 1443:1467 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.33 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.38 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1513:1525 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 66.35.229.204 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 65.54.194.118 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.34 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 208.45.129.195 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
> iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.11 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
> iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1601:1603 -d 0/0 -j DROP
> iptables -A FORWARD -s 192.168.0.10 -d 64.4.13.0/24 -j REJECT
> iptables -A FORWARD -s 192.168.0.10 -d 64.4.0.0/24 -j REJECT
> iptables -A INPUT -p tcp -s 192.168.0.10 -d messenger.microsoft.com -j DROP
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

block msn

[juanca]

I`ve got this rulset but It doesn`t work what else do I need to add?
All the windows machine work msn, just on linux doesn`t
Any suggetions ?
Thanks in advance

iptables -A FORWARD -s 192.168.0.10 -p TCP --dport 1443:1467 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.33 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.38 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1513:1525 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 66.35.229.204 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 65.54.194.118 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 207.46.107.34 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 208.45.129.195 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 207.46.110.11 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1863 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -p tcp --dport 1601:1603 -d 0/0 -j DROP
iptables -A FORWARD -s 192.168.0.10 -d 64.4.13.0/24 -j REJECT
iptables -A FORWARD -s 192.168.0.10 -d 64.4.0.0/24 -j REJECT
iptables -A INPUT -p tcp -s 192.168.0.10 -d messenger.microsoft.com -j DROP