Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jeff Martin on September 28, 2001, 09:55:26 PM
-
Using info found posted around here, I've tried the following to block AOL Instant Messenger traffic, but it's not working. Anybody have any ideas? I'd like to block AIM, MSN, and Yahoo messengers.
Thanks
Here are the steps I've tried
login as: root
Create the new template directories
mkdir -p /etc/e-smith/templates-custom/etc
mkdir -p /etc/e-smith/templates-custom/etc/rc.d
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d
Copy the existing templates to the custom area
cp -rp /etc/e-smith/templates/etc/rc.d/init.d/masq /etc/e-smith/templates-custom/etc/rc.d/init.d/
Change to the custom directory
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
Create new file
pico 45Denyaol
Added these lines
/sbin/ipchains -A input -p udp -b --sport 5190 -j DENY
/sbin/ipchains -A input -p tcp -b --sport 5190 -j DENY
SAVE the file CTRL-X
Expand the templates
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
Tell e-smith to update the live config.
/sbin/e-smith/signal-event remoteaccess-update
Rebooted the server
-
Try these commands for ipchains
/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 5190 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 5190 -j DENY
This should work. I use this syntax to effectively block file sharing programs such as Napster, Gnutella, etc.
-
I have not had luck with this except to block ports 5190:5193, but that blocks all of AOL. I am not an AOL fan anyway. My users can get their AOL email via Netscape etc.
Obviously port 1863 can be blocked for MSN Messenger.
Anthony
-
I did everything the same way again except that I used the commands
/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 5190 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 5190 -j DENY
instead of
/sbin/ipchains -A input -p udp -b --sport 5190 -j DENY
/sbin/ipchains -A input -p tcp -b --sport 5190 -j DENY
I also added the lines
/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 1863 -j DENY
/sbin/ipchains -A input -p udp -d 0.0.0.0/0 1863 -j DENY
to try and block MSN Messenger.
The new lines are added to the /etc/init.d/masq file, but I can still sign on to both services.
Thanks for helping me with this
-
Gentlemen,
First, are there "working" instructions for setting up the Instant Messaging (or other) blocking? If so, could someone post them or email them to me?
Second, is there a way to block access to IM for only certain IPs (users), since I'd like to allow a few people to access IM after I apply the blocking?
Thanks very much for your help/ideas.
Regards,
Patrick
-
Did you ever get this working? I am searching old posts to try to get some help with this. My dilemma is the same, just a different port.
After I reboot (do I need to?), I still see connections on those ports.
Bob Walton
-
I had the same problem. I used ipchains to block traffic like DNS, SMTP and POP, and it works fine, but when I tried to block ports like 1863 (MSN IM), it doesn't work.
-
Hi all, to Edgar or somebody: did you get AIM blocking ready? Please, I would like to know what I have to do. Thanks.
-
Sorry, I had no response! Can somebody help us? Is there any howto?
-
I created a howto for this which can be found at
http://www.martintechnology.com/howto_block_aim.htm
Thanks,
Jeff Martin