Koozali.org: home of the SME Server

Trying to block AIM with ipchains

Jeff Martin

Trying to block AIM with ipchains
« on: September 28, 2001, 09:55:26 PM »
Using info found posted around here, I've tried the following to block AOL Instant Messenger traffic, but it's not working. Anybody have any ideas? I'd like to block AIM, MSN, and Yahoo messengers.

Thanks

Here are the steps I've tried

login as: root

Create the new template directories
mkdir -p /etc/e-smith/templates-custom/etc
mkdir -p /etc/e-smith/templates-custom/etc/rc.d
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d

Copy the existing templates to the custom area

cp -rp /etc/e-smith/templates/etc/rc.d/init.d/masq /etc/e-smith/templates-custom/etc/rc.d/init.d/


Change to the custom directory
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq

Create new file

pico 45Denyaol

Added these lines



/sbin/ipchains -A input -p udp -b --sport 5190 -j DENY
/sbin/ipchains -A input -p tcp -b --sport 5190 -j DENY

SAVE the file CTRL-X


Expand the templates
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

Tell e-smith to update the live config.
/sbin/e-smith/signal-event remoteaccess-update


Rebooted server

Doug Crosby

Re: Trying to block AIM with ipchains
« Reply #1 on: September 29, 2001, 12:21:45 AM »
Try these commands for ipchains

/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 5190 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 5190 -j DENY

This should work. I use this syntax to effectively block file sharing programs such as Napster, Gnutella, etc.

Anthony McCarthy

Re: Trying to block AIM with ipchains
« Reply #2 on: September 29, 2001, 12:31:22 AM »
I have not had luck with this except to block ports 5190:5193, but that blocks all of AOL. I am not an AOL fan anyway. My users can get their AOL email via Netscape etc.
Obviously port 1863 can be blocked for MSN Messenger.

Anthony

Jeff Martin

Re: Trying to block AIM with ipchains
« Reply #3 on: September 29, 2001, 01:13:34 AM »
I did everything the same way again except that I used the commands

/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 5190 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 5190 -j DENY

instead of

/sbin/ipchains -A input -p udp -b --sport 5190 -j DENY
/sbin/ipchains -A input -p tcp -b --sport 5190 -j DENY

I also added the lines

/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 1863 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 1863 -j DENY

to try and block MSN Messenger

The new lines are added to the /etc/init.d/masq file, but I can still sign on to both services.



Thanks for helping me with this
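
Added example, not part of the thread and not SME Server's own code: ipchains walks a chain from top to bottom and the first matching rule decides, so rules appended with `-A` only take effect if no earlier rule in the generated masq script already matches the same traffic. This small Python model parses the rule syntax quoted in the posts and reports which rule decides a packet; the ACCEPT rule, the addresses and the packet are constructed assumptions.

```python
import ipaddress
import shlex
# Constructed rule order: line 1 is an assumed earlier rule; lines 2-3 use the thread's syntax.
RULES = """\
/sbin/ipchains -A input -p tcp -s 192.168.1.0/24 -j ACCEPT
/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 5190 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 5190 -j DENY
"""
# Constructed packet: a LAN client connecting out to TCP port 5190 (example addresses).
PACKET = {"proto": "tcp", "src": "192.168.1.50", "sport": 1025,
          "dst": "203.0.113.10", "dport": 5190}

def parse_rule(line):
    """Parse the options seen in the thread: -p, -s/-d addr [port], --sport, -b, -j."""
    raw = shlex.split(line)
    tok = [t for t in raw if t != "-b"]
    rule = {"proto": None, "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
            "sport": None, "dport": None, "bidir": "-b" in raw, "target": None}
    names = {"-p": "proto", "-j": "target", "-s": "src", "-d": "dst",
             "--sport": "sport", "--dport": "dport"}
    i = tok.index("-A") + 2                      # skip "-A" and the chain name
    while i < len(tok):
        key = names[tok[i]]
        rule[key], i = tok[i + 1], i + 2
        if key in ("src", "dst") and i < len(tok) and not tok[i].startswith("-"):
            rule[key[0] + "port"], i = tok[i], i + 1   # optional port after the address
    return rule

def matches(rule, pkt):                          # with -b the swapped direction counts too
    def port_ok(spec, port):                     # spec is None, "N" or "N:M"
        lo, _, hi = (spec or "0:65535").partition(":")
        return int(lo) <= port <= int(hi or lo)
    def one(src, sport, dst, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
                and port_ok(rule["sport"], sport) and port_ok(rule["dport"], dport))
    a = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    return rule["proto"] in (None, pkt["proto"]) and (
        one(*a) or (rule["bidir"] and one(a[2], a[3], a[0], a[1])))

def decide(rules_text, pkt, policy="ACCEPT"):
    """Return (rule number, target) of the first matching rule, else (None, policy)."""
    for n, rule in enumerate(map(parse_rule, rules_text.strip().splitlines()), 1):
        if matches(rule, pkt):
            return n, rule["target"]
    return None, policy

if __name__ == "__main__":
    print(decide(RULES, PACKET))
```

To check a real box, feed `decide()` the ipchains lines from the expanded /etc/rc.d/init.d/masq in the order they appear there.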

Patrick B

Re: Trying to block AIM with ipchains
« Reply #4 on: November 30, 2001, 09:40:41 AM »
Gentlemen,

First, are there "working" instructions for setting up the Instant Messaging (or other) blocking?  If so, could someone post them or email them to me.

Second, is there a way to block access to IM for only certain IPs (users), since I'd like to allow a few people to access IM after I apply the blocking.

Thanks very much for your help/ideas.

Regards,
Patrick

Bob Walton

Re: Trying to block AIM with ipchains
« Reply #5 on: June 02, 2002, 07:50:31 AM »
Did you ever get this working? I am searching old posts to try to get some help with this. My dilemma is the same, just a different port.

After I reboot (do I need to?), I still see connections on those ports.

Bob Walton

Edgar

Re: Trying to block AIM with ipchains
« Reply #6 on: June 05, 2002, 05:41:01 AM »
I had the same problem. I used ipchains to block traffic like DNS, SMTP and POP, and it works fine, but when I tried to block ports like 1863 (MSN IM) it doesn't work.

Henry Gómez N.

Re: Trying to block AIM with ipchains
« Reply #7 on: June 26, 2002, 07:45:21 PM »
Hi all, to Edgar or somebody: did you manage to get AIM blocked? Please, I would like to know what I have to do... thanks

Edgar

Re: Trying to block AIM with ipchains
« Reply #8 on: June 26, 2002, 09:47:57 PM »
Sorry, I had no response! Can somebody help us? Is there any howto?

Jeff Martin

Re: Trying to block AIM with ipchains
« Reply #9 on: June 26, 2002, 11:50:11 PM »
I created a howto for this which can be found at

http://www.martintechnology.com/howto_block_aim.htm

Thanks,
Jeff Martin