-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 cassio lima escreveu: > I used www.opendns.com <http://www.opendns.com> > > On Wed, Aug 12, 2009 at 4:55 PM, Tim Nelson <[email protected] > <mailto:[email protected]>> wrote: > > ----- "Zhu Sha Zang" <[email protected] > <mailto:[email protected]>> wrote: Hey, i'm using pfsense > with transparent proxy (squid + squidGuard) working well here. > > But some users on my network are using ultrasurf that everything > know use port 443 to connect on proxyes around internet. > > Isn't possible to block 443 port and open it selectively. > > Then, how the better way to block ultrasurf in this situation? > > thanks. >>
> You could put a rule on your LAN (or whatever interface your users > connect from) that blocks all outbound HTTPS traffic. Then, keeping > rule order in mind, selectively create allow rules for those IP's > you wish to allow outbound access to HTTPS. Ensuring the legitimate > users have the proper IP address and the malicious users don't > change it manually or spoof it is a whole different story. :-) > Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 > x105 > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > <mailto:[email protected]> For additional commands, > e-mail: [email protected] <mailto:[email protected]> > Commercial support available - https://portal.pfsense.org Hey dude, i don't understand. How u're using opendns? How this can block this type of problem? Please, tell me more about this. Thanks for now. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqEFEIACgkQ35zeJy7JhCh9OACeNyn6jAcvspy9E7GEEsaJuwiy 4f8An1rv+fZxygUUI6R/B+LTTDLLKIhV =o5BM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
