Just run this command:
ipchains -A input -s 0.0.0.0/0 -j DENY
and all your network problems will be solved forever.
BTW, please take non-tech discussions about the rightness or wrongness
(I just made that word up, pay RMS royalties if you want to use it) of
port blocking, mail filtering, mail scanning, etc to LIG.
Regards,
-- Raju
>>>>> "Suresh" == Suresh Ramasubramanian <[EMAIL PROTECTED]> writes:
Suresh> VaibhaV Sharma rearranged electrons thusly:
>> Instead what I suggest is - 1. Remove masquerading on the
>> firewall. So that the ONLY way to go out of the local net is
>> the proxy server. Which would ONLY allow yahoo messenger
Suresh> Removing masq will break several other things as well :(
>> etc. which use HTTP. If you wanna block these too then use
>> squid ACL's OR use firewall rules again.
>> 2. If you don't wanna remove masq. but wanna block. then just
>> gather the host names from the client software like icq
>> client, yahoo messenger etc. and block these hosts as
>> destination hosts on the firewall. I guess the latest ICQ
>> servers are the cluster1.icq.com or something.
Suresh> route add ip.of.blocked.site 127.0.0.1 to nullroute it or
Suresh> using ipchains: /usr/sbin/ipchains -j DENY -s
Suresh> ip.in.cidr.format -I input 1
Suresh> [cidr format = 192.168.1.1/32, 192.168.1.0/24, etc]
>> I use the first one as such. It's much easier and fool proof, to
>> an extent at least if not completely. Flames?? Love letters??
Suresh> You would get a love letter from me - only, I don't swing
Suresh> that way :). Netadmins see it the same way, I see.
>> VaibhaV Sharma Network Administrator
Suresh> -- Suresh Ramasubramanian + mallet<@>efn.org You spamma my
Suresh> mailbox, I nukea da ass
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/