Fajar Priyanto wrote:
On Tuesday 23 October 2007 12:05:33 kl wrote:
Good afternoon.
My client is running an openSUSE 10.3 gateway server with Squid and fetchmail/postfix/maildrop/qpopper. He wants to restrict Internet HTTP access to servers on an allowed list and no direct access to external mail.
Is there any way I can stop the uncontrolled use of Skype or other messengers from the Windows workstations?
Will appreciate any hint as how to handle this.
Hello KL, We can achieve this through several ways: 1. From squid, blocking the url. For example: acl dstdomain "/etc/squid/ban.txt" http_access deny acl
contents of ban.txt: xxx.com yyy.com
2. By iptables: For mail: iptables -I FORWARD -p tcp --dport 25 -s yourclientip -j DROP For messenger (yahoo): iptables -I INPUT -p tcp --dport 5050 -s yourclientop -j DROP (skype): iptables -I INPUT -p tcp --dport 443 -s yourclientip -j DROP
However since tcp 443 is https, then any website that uses it will be inaccessible too.
HTH,
I'm afraid this would not work - Skype does not necessarily use port 443 Skype will use any available port it finds, even port 80 which I obviously cannot block. Wolfgang Kluge --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org