What do we have to do some good layer 7 filtering?

My problem is how to block all instant messaging and p2p apps. I actually
use these tables to try to block some:

table <MSN_Messenger> const {,,,,,,,,,,,,, }
table <hostname_MSN> const { gateway.messenger.hotmail.com, v6.messenger.msn.com, messenger.latam.msn.com, messenger.msn.it, messenger.hotmail.com, messenger.msn.com, nexus.passport.com, login.passport.com, login.passport.net }
# Yahoo Messenger
table <Yahoo_Messenger> persist {,,,,,,,,,, }
# ICQ 2000
table <ICQ> persist {, }

block return-rst in log quick on $ext_if inet proto { tcp, udp } from { <MSN_Messenger>, <hostname_MSN>, <Yahoo_Messenger>, <ICQ> } to any flags S/SA

but someone tapped his feet, since login.passport.* is used by both Hotmail
and MSN Messenger, and they can't access Hotmail's webmail. Any
hints? TIA.

Pierluigi De Rosa (thorin_(_at_)_durin_(_dot_)_khazad-dum_(_dot_)_net).
