VaibhaV Sharma rearranged electrons thusly:

> Instead what I suggest is -
> 1. Remove masquerading on the firewall. So that the ONLY way to go out of
> the local net is the proxy server. Which would ONLY allow yahoo messenger

Removing masq will break several other things as well :(

> etc. which use HTTP. If you wanna block these too then use squid ACL's OR
> use firewall rules again.
 
> 2. If you don't wanna remove masq. but wanna block. then just gather the
> host names from the client software like icq client, yahoo messenger
> etc. and block these hosts as destination hosts on the firewall. I guess
> the latest ICQ servers are the cluster1.icq.com or something. 
 
 route add ip.of.blocked.site 127.0.0.1 to nullroute it
 or using ipchains:
 /usr/sbin/ipchains -j DENY -s ip.in.cidr.format -I input 1
 
 [cidr format = 192.168.1.1/32, 192.168.1.0/24, etc]
 
> I use the first one as such. It's much easier and foolproof, to an extent
> at least if not completely.
> Flames?? Love letters??
 
 You would get a love letter from me - only, I don't swing that way :).
 Netadmins see it the same way, I see.
 
> VaibhaV Sharma
> Network Administrator

-- 
Suresh Ramasubramanian + mallet<@>efn.org
  You spamma my mailbox, I nukea da ass
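
Added example, not part of the original post: a dry-run generator for the ipchains DENY rule quoted above. It normalises each address to the CIDR form the post describes (a bare host gets /32), rejects malformed input, and only prints the commands. The function names and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: prints ipchains commands only; nothing is applied to the firewall.

# to_cidr ADDR: print ADDR in CIDR form (bare host gets /32); fail if malformed.
to_cidr() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    # Prefix: one or two digits, at most 32.
    case $prefix in
        ''|*[!0-9]*|???*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] || return 1
    # Address: digits and dots only, no leading, trailing or doubled dot.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s/%s\n' "$addr" "$prefix"
}

# deny_rule ADDR: print the ipchains command in the form used in the post.
# -s matches the packet source, so this drops traffic arriving from the site.
deny_rule() {
    cidr=$(to_cidr "$1") || { echo "skipping invalid address: $1" >&2; return 1; }
    printf '/usr/sbin/ipchains -j DENY -s %s -I input 1\n' "$cidr"
}

# Constructed sample input (documentation ranges); the last entry is malformed.
for a in 192.0.2.15 198.51.100.0/24 203.0.113.300; do
    deny_rule "$a" || true
done
```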
