Andrew Suffield wrote:
> On Mon, Nov 26, 2007 at 11:30:55PM +0100, shacky wrote:
>
>>> Short answer - you can't !
>>>
>> So the only way is to remove the masquerading and to use a Squid and
>> allow only the port 80 (not the 443) and disable the connect method on
>> the port 80?
>>
>
> No, but it's one way. All the others are similarly invasive.
>

I have set up squid as a transparent proxy, and configured redirect rules in shorewall. I have then severely throttled 443.

Almost all other ports are blocked with the exception of 25 and 587 for SMTP, and 110 for POP3.

I have found this to be effective for hobbling most P2P and Skype as well. They will still actually "work", but they are so slow (P2P) or jittery (Skype) that the users just give up.

Regards,
T
