[KLUG Members] Iptables
Bruce Smith
bruce at armintl.com
Mon Aug 22 08:23:02 EDT 2005
> While I was searching for a solution to restrict users from accessing msn and
> yahoo messenger I found the following mail describing it using iptables. I want
> to know why all rules are implemented in the forward chain
Probably because that's the chain the packets traverse! :-)
(it's a network firewall, not a single workstation running iptables)
It sounds like you need to understand more how netfilter (iptables) and
the chains work. The graphic here is what helped me understand it:
http://www.knowplace.org/netfilter/syntax.html
> To block Msn messenger with iptables.
>
> # iptables -A FORWARD -p tcp --dport 1863 -j DROP
>
> To block Yahoo messenger --> this might work but not sure..in my case it
> worked before 9 months. Yahoo messenger works on different ports.
> You can of course restrict the whole domain but that would not be fair.
>
> # iptables -A FORWARD -p TCP --dport 5000:5010 -j REJECT
> # iptables -A FORWARD -d cs.yahoo.com -j REJECT
> # iptables -A FORWARD -d scsa.yahoo.com -j REJECT
- BS
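
An added example (not part of the original post) that models which filter-table chain a packet traverses, showing why the quoted rules only take effect in FORWARD on a gateway. The addresses and function names are constructed for illustration; IP forwarding is assumed enabled and the default chain policy is assumed to be ACCEPT.

```python
import ipaddress

# Port rules quoted in the thread: (chain, protocol, low port, high port, target).
RULES = [
    ("FORWARD", "tcp", 1863, 1863, "DROP"),    # MSN messenger
    ("FORWARD", "tcp", 5000, 5010, "REJECT"),  # Yahoo messenger port range
]

def chains_traversed(src, dst, local_addrs):
    """Filter-table chains a packet passes through on the host owning local_addrs."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    src_local = ipaddress.ip_address(src) in local
    dst_local = ipaddress.ip_address(dst) in local
    chains = []
    if src_local:
        chains.append("OUTPUT")    # generated by a process on this host
    if dst_local:
        chains.append("INPUT")     # delivered to a process on this host
    if not src_local and not dst_local:
        chains.append("FORWARD")   # routed through this host (forwarding assumed on)
    return chains

def verdict(src, dst, proto, dport, local_addrs, rules=RULES):
    """Target of the first matching rule in the traversed chains, else ACCEPT."""
    for chain in chains_traversed(src, dst, local_addrs):
        for r_chain, r_proto, low, high, target in rules:
            if r_chain == chain and r_proto == proto and low <= dport <= high:
                return target
    return "ACCEPT"  # assumed default policy

# Constructed addresses (private and documentation ranges), not from the thread.
GATEWAY = ["192.168.1.1", "203.0.113.10"]
CLIENT = "192.168.1.50"
IM_SERVER = "198.51.100.7"

if __name__ == "__main__":
    # LAN client routed through the gateway: packet hits FORWARD, rule applies.
    print(verdict(CLIENT, IM_SERVER, "tcp", 1863, GATEWAY))
    # Same rules loaded on the workstation itself: packet uses OUTPUT,
    # so the FORWARD rule is never consulted.
    print(verdict(CLIENT, IM_SERVER, "tcp", 1863, [CLIENT]))
```
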