[KLUG Members] Iptables

Bruce Smith bruce at armintl.com
Mon Aug 22 08:23:02 EDT 2005


> While I was searching for a solution to restrict users from accessing msn and
> yahoo messenger I found the following mail describing it using iptables. I want
> to know why all rules are implemented in the forward chain

Probably because that's the chain the packets traverse!   :-)
(it's a network firewall, not a single workstation running iptables)

It sounds like you need to understand more about how netfilter (iptables) and
the chains work.  The graphic here is what helped me understand it:

  http://www.knowplace.org/netfilter/syntax.html


> To block Msn messenger with iptables.
> 
> # iptables -A FORWARD -p tcp --dport 1863 -j DROP
> 
> To block Yahoo messenger --> this might work but not sure... in my case it
> worked before 9 months. Yahoo messenger works on different ports.
> You can of course restrict the whole domain but that would not be fair.
> 
> # iptables -A FORWARD -p TCP --dport 5000:5010 -j REJECT
> # iptables -A FORWARD -d cs.yahoo.com -j REJECT
> # iptables -A FORWARD -d scsa.yahoo.com -j REJECT

 - BS
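
Added example, not part of the original message: a small Python model of which filter-table chain a packet traverses on a routing firewall, applied to the two port rules quoted above. The addresses, the Packet/Rule types and the function names are constructed for illustration; the real rule matching in netfilter is richer than this.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology: the addresses the firewall itself owns (LAN and WAN side).
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.1.1"),
                  ipaddress.ip_address("203.0.113.1")}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    local_origin: bool = False  # True if a process on the firewall generated it

@dataclass(frozen=True)
class Rule:
    chain: str
    proto: str
    dports: range
    target: str

def filter_chain(pkt):
    """Return the filter-table chain this packet traverses on the firewall."""
    if pkt.local_origin:
        return "OUTPUT"                      # generated on the firewall
    if ipaddress.ip_address(pkt.dst) in FIREWALL_ADDRS:
        return "INPUT"                       # addressed to the firewall itself
    return "FORWARD"                         # routed through to another host

def verdict(pkt, rules, policy="ACCEPT"):
    """First matching rule in the traversed chain wins, else the chain policy."""
    chain = filter_chain(pkt)
    for r in rules:
        if r.chain == chain and r.proto == pkt.proto and pkt.dport in r.dports:
            return chain, r.target
    return chain, policy

# The two port rules quoted in the message, expressed as data.
QUOTED = [Rule("FORWARD", "tcp", range(1863, 1864), "DROP"),
          Rule("FORWARD", "tcp", range(5000, 5011), "REJECT")]
# The same port-1863 rule placed in INPUT instead, for comparison.
MISPLACED = [Rule("INPUT", "tcp", range(1863, 1864), "DROP")]

# Constructed sample packets.
lan_client = Packet("192.168.1.50", "198.51.100.7", "tcp", 1863)
to_firewall = Packet("192.168.1.50", "192.168.1.1", "tcp", 22)
from_firewall = Packet("203.0.113.1", "198.51.100.7", "tcp", 1863, local_origin=True)

if __name__ == "__main__":
    for p in (lan_client, to_firewall, from_firewall):
        print(p.src, "->", p.dst, p.dport, verdict(p, QUOTED), verdict(p, MISPLACED))
```

A LAN client's connection to port 1863 is stopped only when the rule sits in FORWARD; the same rule in INPUT never sees that traffic, and traffic the firewall itself originates goes through OUTPUT and is untouched by either.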