Topic: close outgoing ports

[John Gibbs]

Hi all.

Sorry for this post which is bordering on a newbie question but I am on a tight deadline..

I'd like to know if and how I can block p2p filesharing clients using e-smith 5.5. Does anyone have any experience doing this? Out of the box it seems to work blocking all incoming connections to my users, but how can I prevent them from connecting to others outside of our organization? The biggest offenders seem to be Kazaa and iMesh.

Also, if I do upgade to 5.6, how straightforward is it to configure iptables?

Thanks for any help.

-John

[brian kirk]

Hi
See http://forums.contribs.org/index.php?topic=15162.msg58258#msg58258
I think it is virtually impossible to block apps like kazaa as they can use port 80
To deny any port lan -> internet e-smith-denyport-0.1-3.noarch.rpm

Regards
Brian

[John Gibbs]

Thanks Brian... it seems to be working, I can't connect using Limewire on my office Mac.

Cheers,
-John

brian kirk wrote:
>
> Hi
> See
> http://forums.contribs.org/index.php?topic=15162.msg58258#msg58258
> I think it is virtually impossible to block apps like kazaa
> as they can use port 80
> To deny any port lan -> internet
> e-smith-denyport-0.1-3.noarch.rpm
>
> Regards
> Brian

[Abe Loveless]

I just installed the e-smith-denyport rpm on a 5.6 system.  It looks like it will only allow you to block ports above a certain range.

I'd really like to block port 445. I've got a client that I believe must have SQL Slammer, or someother infected Win 2K machine inside their network.  They're getting notices from mynetwatchman about attacks generated from this port number.

It seems like most of the threads that I've come across list directions for blocking ports using ipchains, rather than iptables.

Any thoughts (other than reading the iptables howtos... which just seem to confuse me)

Thanks,
Abe

[Alejandro Lengua]

Hi!
Any update on this?