[ First, please fix your mail client to properly wrap lines. ]

On Thu, Sep 25, 2008 at 04:12:14AM -0700, Vieri Di Paola wrote:
> Hi,
>
> I've been trying to figure out an efficient way of blocking unwanted
> traffic which uses port 80 (or 443). In an ideal world, LAN users
> should simply "behave" and use network resources with care. However,
> in a big network it's likely that there be some uncivilized users once
> in a while.
>
Your best bet is to use squid. Squid has a nice acl feature that allows you to block based on domain name and/or url key words. Shorewall, being a configuration tool for netfilter, is limited to operating at the levels provided by netfilter (hint: http is an application layer protocol and netfilter does not go that high in the stack).

Some things to keep in mind if you decide to use squid:

 - You can transparently proxy non-SSL traffic, but it is not possible to transparently proxy SSL traffic
 - If you have more than two or three people who will be affected by this, you really need to make squid authenticate its users
 - It is best to do non-transparent proxying (i.e., where the user enters the proxy setting into Mozilla or whatever) since that will ensure that the proxy is used based on the protocol and not just the port
 - If you have Unix/Linux users this might annoy them as there is no central place to enter proxy information (like in Windows) and so they will need to configure every app (e.g., Mozilla, wget, curl, etc)

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
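
A squid.conf fragment illustrating the setup described in the reply above: an explicit (non-transparent) proxy that authenticates users and blocks by domain name and URL keyword. This is an added example, not part of the original message; the domain, keywords, LAN range, realm text, helper path and password file are constructed placeholders, and it assumes Squid 3.x or later, where the `all` ACL is built in.

```conf
# Added example: explicit proxy with authentication and domain/keyword blocking.
# All names, paths and addresses below are placeholders (assumptions).

# Clients enter this host and port in their proxy settings.
http_port 3128

# Basic authentication against an htpasswd-style file.
# The helper name and path differ between Squid versions and distributions.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm LAN web proxy
acl authenticated proxy_auth REQUIRED

# Who may use the proxy at all.
acl lan src 192.168.0.0/16

# Block by destination domain (the leading dot also matches subdomains).
acl blocked_domains dstdomain .blocked.example

# Block by keyword anywhere in the URL, case-insensitive.
acl blocked_words url_regex -i badword1 badword2

# Limit which ports can be reached and where CONNECT tunnels may go.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blocked_domains
http_access deny blocked_words
http_access allow lan authenticated
http_access deny all
```

For HTTPS, an explicit proxy sees only the `CONNECT host:port` request, so `blocked_domains` still applies but `blocked_words` can match only the hostname, not the path or query inside the encrypted session.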
