Hi,

> > how to block messengers (yahoo, msn etc...) using iptables?
>
This is my first post on this community mailing list.

Messengers work on temporary port numbers (for a login-logout session). So you can't block messengers like you block ftp (port 21) or telnet (port 23) etc., since there is no predictability about the port number that it works on. You can check this with the "netstat" command on the Windows command prompt after logging into Yahoo Messenger or any other messenger. Log out and log in again, and you will find that it has opened itself on another port number.

The architecture of messenger communication is somewhat like this: there will be a central server with a fixed port number. Clients logging in are authenticated by this server, and a list of all logged-in users with their IP address and the temporary port number is maintained. Everyone on his/her buddy list is notified (using the log list of IP/port) of his/her login and his/her IP/port duo. So they can connect to him/her directly using TCP or UDP sockets and get into a private chat. The point is, when you are in a private chat you are directly connected to your buddy's computer.

So to block messengers you have to use the "White List" methodology rather than "Black List". Like: allow 80, 8080, 22, 443 and deny the rest... not deny 4456, 4478 and allow the rest!!!

iptables configuration: sorry, I have not meddled with it. Someone else would help you.

Bye,
Suresh Balasubramanian.
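The "white list" approach Suresh describes, written out as an added example (this is not from the original mail and not Suresh's code): a shell function that builds an iptables-restore rule set for the filter table of a Linux gateway, with the FORWARD chain defaulting to DROP and only the listed destination ports allowed. The port list (22, 80, 443, 8080 for TCP, plus 53/udp so DNS keeps working), the use of the FORWARD chain and the log prefix are assumptions for illustration. Note that this is purely port-based policy: a messenger client configured to use one of the allowed ports (for example 80 or 443) passes this filter unchanged.

```shell
#!/bin/sh
# Added example (not from the original mail): generate an iptables-restore(8)
# filter table that implements a default-deny "white list" on a gateway's
# FORWARD chain. Only the listed destination ports are allowed; anything on an
# unpredictable port, such as a messenger's per-session port, is dropped.
# The port lists and the FWD-DENY log prefix are assumptions for illustration.

# Whitelisted TCP destination ports (assumed: the ones named in the reply).
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 80 443 8080}"
# Whitelisted UDP destination ports (assumed: DNS so name lookups still work).
ALLOWED_UDP_PORTS="${ALLOWED_UDP_PORTS:-53}"

# build_ruleset prints a complete filter table in iptables-restore syntax.
build_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    # Default policy DROP: anything not explicitly allowed below is blocked.
    # This is the "white list" part; no per-messenger port numbers are needed.
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies to connections we allowed out must be let back in.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ALLOWED_TCP_PORTS; do
        echo "-A FORWARD -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $ALLOWED_UDP_PORTS; do
        echo "-A FORWARD -p udp --dport $p -j ACCEPT"
    done
    # Log (rate-limited) what the default policy is about to drop, so blocked
    # clients show up in the kernel log instead of failing silently.
    echo '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DENY: "'
    echo '-A FORWARD -j DROP'
    echo 'COMMIT'
}

# port_allowed PROTO PORT: exit 0 if the generated rule set accepts new
# connections to that port, 1 otherwise. Lets you check the policy offline,
# without loading it into the kernel.
port_allowed() {
    build_ruleset | grep -q -- "-A FORWARD -p $1 --dport $2 .*-j ACCEPT"
}

# Load on the gateway (as root) with:  build_ruleset | iptables-restore
```

Because the policy is expressed as a default DROP plus an explicit allow list, adding a new permitted service means adding one port to the list; nothing has to be known about which ports a given messenger picks for a session.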
