On Tuesday 23 October 2007 12:05:33 kl wrote:
Good afternoon.
My client is running an openSUSE 10.3 gateway server with Squid and fetchmail/postfix/maildrop/qpopper. He wants to restrict Internet HTTP access to servers on an allowed list and no direct access to external mail.
Is there any way I can stop the uncontrolled use of Skype or other messengers from the Windows workstations?
Will appreciate any hint as how to handle this.
Hello KL, We can achieve this through several ways: 1. From squid, blocking the url. For example: acl dstdomain "/etc/squid/ban.txt" http_access deny acl contents of ban.txt: xxx.com yyy.com 2. By iptables: For mail: iptables -I FORWARD -p tcp --dport 25 -s yourclientip -j DROP For messenger (yahoo): iptables -I INPUT -p tcp --dport 5050 -s yourclientop -j DROP (skype): iptables -I INPUT -p tcp --dport 443 -s yourclientip -j DROP However since tcp 443 is https, then any website that uses it will be inaccessible too. HTH, -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 13:26:48 up 5 min, 2.6.20-16-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn.