Koozali.org: home of the SME Server

5.6 iptables

Paul F

5.6 iptables
« on: April 30, 2003, 12:53:24 AM »
Any suggestions on how one would proceed to block MSN messenger/Yahoo messenger. I assume I cannot just create iptable rules and need to work with the template(s)?

Thanks!

Klaus Eckert

Re: 5.6 iptables
« Reply #1 on: April 30, 2003, 04:15:36 PM »
Hi Paul F

As the name tells you, iptables can only handle IP traffic.
Down in the IP protocol you don't know the content of the IP packets.
Further on, more than one IP packet may belong to one message.

So, in my opinion, it's not possible to filter messenger messages on the gateway (SME server).

cheers
klaus

Paul F

Re: 5.6 iptables
« Reply #2 on: April 30, 2003, 08:17:13 PM »
No, no, my friend. I am simply asking if with e-smith I can simply create iptables rules or do I have to deal with templates.

It is simple to block the IP ranges and or ports on a standard linux distro by issuing iptables commands.

Thanks!

Klaus Eckert

Re: 5.6 iptables
« Reply #3 on: April 30, 2003, 08:39:33 PM »
OK, I see.

There is a contrib that allows you to open or close ports.
Search the forum for "port opening",
or create a custom template if you know what to do.

It's not recommended to add iptables rules manually (as with every configuration in SME), because they may be overwritten by the next expansion of the templates.

cheers klaus

Paul F

Re: 5.6 iptables
« Reply #4 on: April 30, 2003, 10:07:07 PM »
Thanks again. Yes, I did look at port blocking, but I am also interested in IP/IP range/pool blocking.
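An added example covering both points raised so far (not code from this thread, nor from SME Server or any contrib): a small POSIX shell script that turns a block list of networks and TCP ports into iptables DROP rules. By default it only prints the rules, so the output can be pasted into a custom-template fragment instead of being typed by hand and lost on the next template expansion; "apply" executes them. Assumptions, none of which come from the thread: the FORWARD chain is where LAN-to-Internet traffic is filtered on the box, the network list uses RFC 5737 documentation ranges as stand-ins for whatever you actually want to block, and the two ports are the historical default client ports of MSN Messenger (1863) and Yahoo Messenger (5050) chosen as sample values. The script validates every entry before emitting a rule, so one typo in the list is reported rather than leaving iptables half-applied.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules for a block list
# of networks and TCP ports. Prints the rules by default (for a custom-template
# fragment); "apply" executes them and needs root.
# Assumption: the FORWARD chain is where LAN-to-Internet traffic is filtered.

# Constructed sample block list (RFC 5737 documentation nets, not real IM ranges).
BLOCK_NETS="192.0.2.0/24 198.51.100.0/25"
# Sample values: historical default client ports of MSN (1863) and Yahoo (5050).
BLOCK_TCP_PORTS="1863 5050"

# valid_cidr a.b.c.d/n: return 0 for a well-formed IPv4 CIDR, 1 otherwise.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    # Split the address on dots into the function's positional parameters.
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        case "$oct" in ''|*[!0-9]*) return 1 ;; esac
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# valid_port n: return 0 for an integer in 1..65535, 1 otherwise.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules: print one iptables command per line. Networks are dropped in both
# directions (as destination and as source); ports only as destination.
# Returns 1 if any list entry is malformed; nothing is printed for that entry.
gen_rules() {
    rc=0
    for net in $BLOCK_NETS; do
        if valid_cidr "$net"; then
            printf 'iptables -A FORWARD -d %s -j DROP\n' "$net"
            printf 'iptables -A FORWARD -s %s -j DROP\n' "$net"
        else
            printf 'bad network: %s\n' "$net" >&2; rc=1
        fi
    done
    for port in $BLOCK_TCP_PORTS; do
        if valid_port "$port"; then
            printf 'iptables -A FORWARD -p tcp --dport %s -j DROP\n' "$port"
        else
            printf 'bad port: %s\n' "$port" >&2; rc=1
        fi
    done
    return $rc
}

# count_rules: number of rules gen_rules emits; useful as a sanity check after a
# template expansion (compare with what iptables -L FORWARD -n actually shows).
count_rules() {
    gen_rules 2>/dev/null | wc -l | tr -d ' '
}

main() {
    case "${1:-print}" in
        print) gen_rules ;;
        apply) gen_rules | while IFS= read -r cmd; do $cmd; done ;;
        *) echo "usage: $0 [print|apply]" >&2; return 2 ;;
    esac
}

main "$@"
```

Run it with no arguments and redirect the output into a fragment under the masq template's custom directory (on SME of this era the templated firewall script lived under /etc/rc.d/init.d/masq, so the fragment directory would be the matching path under /etc/e-smith/templates-custom; treat that path as an assumption and check it on your own box), then expand the template and restart masq the way the contrib or the SME docs describe. Keep in mind that a port rule only catches the client's default port; a client that retries on another port needs a different approach than this list.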

Michael Soulier

Re: 5.6 iptables
« Reply #5 on: May 03, 2003, 02:36:39 AM »
Paul F wrote:
>
> Any suggestions on how one would proceed to block MSN
> messenger/Yahoo messenger. I assume I cannot just create
> iptable rules and need to work with the template(s)?

You can block some operations of those IM clients, but I don't believe you'll be able to block basic messaging, since they both fall back to port 80 if they can't get out any other way. Well, correction, you can block them, but you'll have to cut off web access to the internet. Sneaky, aren't they?

Unless someone has written proxies for them that recognize those clients, but I have yet to hear of any.

Mike