On Fri, Dec 22, 2000 at 02:03:12AM +1100, Peter wrote:
> I want to block ICQ access from any machine on my network between the
> hrs of xx00hrs and yy00hrs. 
> 
> I am masq using a box running kernel 2.2.6

ipchains is your friend.

2 scenarios

useful info
------------
johnf@garfield:~/uni/cs3710/newass/ass3$ nslookup icq.mirabilis.com
Server:  mer3.vic-remote.bigpond.net.au
Address:  61.9.128.13

Non-authoritative answer:
Name:    2.fes.mirabilis.com
Addresses:  205.188.153.107, 205.188.153.109, 205.188.153.111, 205.188.153.98
          205.188.153.100, 205.188.153.102, 205.188.153.105
Aliases:  icq.mirabilis.com, icq.fes.mirabilis.com


1)

You have an open firewall policy where you let everything through. Then
you're going to have to explicitly block the mirabilis icq servers. I'd
create a new chain and do something like

INTERNAL=192.168.0.0/24
ipchains -N icq
ipchains -A icq -p udp -s $INTERNAL -d 205.188.153.96/28 -j DENY

I'm totally guessing that subnet by the way. Or you could probably get
away with
ipchains -A icq -p udp -s $INTERNAL -d 0/0 4000 -j DENY instead

2) 

You have a restrictive firewall. In this case put your rule that
permits icq in the icq chain. i.e.
ipchains -N icq
ipchains -A icq -p udp -s $INTERNAL -d 0/0 4000 -j ACCEPT

then just have a cron job like so

#icq on
xx yy * * * ipchains -I forward 1 -j icq
# icq off
xx yy * * * ipchains -D forward 1

Now that was much more interesting than my stupid Personal Software
Process for Engineers assignment :)

-- 
John Ferlito
Senior Engineer - Bulletproof Networks
ph: +61 (0) 410 519 382
http://www.bulletproof.net.au/


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
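
Added example, not part of the mail above: a POSIX shell check that the guessed 205.188.153.96/28 block from scenario 1 covers every address in the quoted nslookup output, and which single block is the smallest that does. The function names are this example's own.

```shell
#!/bin/sh
# ADDRS is the address list from the nslookup output quoted in the mail.
ADDRS="205.188.153.107 205.188.153.109 205.188.153.111 205.188.153.98
205.188.153.100 205.188.153.102 205.188.153.105"

# Dotted-quad IPv4 -> 32-bit integer (subshell body keeps IFS local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length, as an integer.
mask_for() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# Exit 0 if address $1 is inside block $2 (a.b.c.d/len).
in_cidr() (
    mask=$(mask_for "${2#*/}")
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
)

# Print every address in $2.. that block $1 does not cover.
uncovered() (
    block=$1; shift
    for a in "$@"; do
        in_cidr "$a" "$block" || echo "$a"
    done
)

# Print the smallest single CIDR block that contains all given addresses.
covering_block() (
    lo=$(ip_to_int "$1"); hi=$lo
    for a in "$@"; do
        n=$(ip_to_int "$a")
        if [ "$n" -lt "$lo" ]; then lo=$n; fi
        if [ "$n" -gt "$hi" ]; then hi=$n; fi
    done
    len=32
    while [ $(( lo >> (32 - len) )) -ne $(( hi >> (32 - len) )) ]; do
        len=$((len - 1))
    done
    echo "$(int_to_ip $(( lo & $(mask_for "$len") )))/$len"
)

echo "not covered by 205.188.153.96/28: $(uncovered 205.188.153.96/28 $ADDRS)"
echo "smallest covering block: $(covering_block $ADDRS)"
```

Re-running the lookup and this check before relying on the DENY rule shows whether the address set has moved outside the block.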
