Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Jon Cweson on December 13, 2001, 11:24:58 PM

Title: Block ICQ Port
Post by: Jon Cweson on December 13, 2001, 11:24:58 PM

I'm trying to block ports.  And nobody can give me a good answer.

I know how to do the templates-custom thing... and I know where to find masq.

But the ipchains thing has me scratching my head.


I want to stop the employees from using ICQ, AIM and other chat software on the LAN.

Title: Re: Block ICQ Port
Post by: Jon Cweson on December 14, 2001, 04:04:59 AM

Hello?

Title: Re: Block ICQ Port
Post by: Jon Cweson on December 14, 2001, 05:20:56 AM

/sbin/ipchains --append input -s 205.188.0.0/16   -j DENY
    /sbin/ipchains --append input -d 205.188.0.0/16    -j DENY

    /sbin/ipchains --append output -s 205.188.0.0/16    -j DENY
    /sbin/ipchains --append output -d 205.188.0.0/16    -j DENY


    /sbin/ipchains --append input -s 64.12.0.0/16   -j DENY
    /sbin/ipchains --append input -d 64.12.0.0/16    -j DENY

    /sbin/ipchains --append output -s 64.12.0.0/16    -j DENY
    /sbin/ipchains --append output -d 64.12.0.0/16    -j DENY


This is what I have so far.  Blocking the UDP port is a waste of time, because it keeps changing.

Those monkey-ass programmers at Mirabilis are worse than virus programmers.  I just can't stop it.

Title: Re: Block ICQ Port
Post by: Simeon on December 15, 2001, 01:26:12 PM

To cut off ICQ for everyone, just comment out (prefix with '#") the loading of the ICQ masquerade module in /etc/rc.d/init.d/masq (and in its template).

Title: Re: Block ICQ Port
Post by: Jon Cweson on December 15, 2001, 10:20:50 PM

Thanks.  That's a very good idea.