Folks, as we know, each company has its own needs, and often blocking everything and allowing only what is necessary is not ideal, for various reasons. What I tried to do here was share the most relevant information, namely the MSN and Kazaa servers and their ports, but how this gets applied on the firewall will depend on each person's preference.
I appreciate the suggestions, but I did not mean to start any discussion about it, only to offer a little help to people who may have looked for something on the Internet and had no luck.

--
[ ]'s
Fabrício Lamonica
IT Analyst
Linux User # 169949
Net & Net Tecnologia em Informática Ltda.
http://www.netenet.com.br

On Wed 11 May 2005 18:25, Edson Ricardo Simão wrote:
> Without wanting to belittle your work, wouldn't it be easier to change the
> default policy of the chains to DROP and allow only what is necessary,
> instead of using this many rules?
>
> On Wed 11 May 2005 15:53, Fabrício Lamonica wrote:
> > Folks,
> > here are the iptables rules, now to block Kazaa. It worked nicely here.
> >
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1214 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1286 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1334 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1337 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1349 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1374 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1406 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 1894 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2206 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2243 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2250 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2258 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2358 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2391 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2464 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2589 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2597 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 2861 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3003 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3074 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3292 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3474 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3640 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3756 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3808 -j DROP
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 3958 -j DROP
> >
> > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 0.0.0.0/0 --dport 32656 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 200.155.63.5/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 64.14.124.65/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 200.155.63.7/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 68.97.73.224/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 67.140.33.50/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 64.233.161.104/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 12.202.146.153/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 172.164.197.186/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 68.35.78.53/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 69.70.244.213/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 85.226.71.201/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 200.113.117.79/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 201.13.83.97/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 68.204.44.183/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 68.119.69.171/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 69.149.82.100/24 -j DROP
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 24.122.71.237/24 -j DROP

---------------------------------------------------------------------------
This list is sponsored by Conectiva S.A. Visit http://www.conectiva.com.br

Archive: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
List usage rules: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
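
Added example, not part of the original messages: the default-deny alternative raised in the quoted reply, written as an iptables-restore ruleset for the filter table's FORWARD chain (current iptables releases refuse the DROP target in the nat table). The LAN 192.168.0.0/24 comes from the thread; the allowed-port list and the function name `gen_ruleset` are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that forwards only allow-listed TCP ports
# from the LAN; everything else (Kazaa's ports included) falls to the DROP
# policy. Assumptions for illustration: the function name, the port list,
# and that clients resolve DNS through the gateway itself.

gen_ruleset() {
    lan="$1"; shift
    # Validate every port before emitting anything, so a typo cannot
    # produce a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    printf '%s\n' "*filter"
    # INPUT and OUTPUT stay at ACCEPT: this sketch covers forwarded traffic only.
    printf '%s\n' ":INPUT ACCEPT [0:0]"
    printf '%s\n' ":FORWARD DROP [0:0]"
    printf '%s\n' ":OUTPUT ACCEPT [0:0]"
    # Return traffic for connections that were already allowed out.
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One rule per permitted service; no per-port or per-server deny list needed.
    for port in "$@"; do
        printf '%s\n' "-A FORWARD -s $lan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Constructed sample: web, SMTP and POP3 only.
# Check the result first with: sh this_script --print | iptables-restore --test
if [ "${1:-}" = "--print" ]; then
    gen_ruleset 192.168.0.0/24 80 443 25 110
fi
```
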
