
What do we have to do some good layer 7 filtering?



My problem is how to block all instant messaging and p2p apps. I actually
use these tables to try to block some:

table <MSN_Messenger> const { 64.4.13.0/32,  65.54.226.0/24, 65.54.227.0/24, 65.54.228.0/24, 65.54.229.0/24, 65.54.230.240, 65.54.230.241, 65.54.230.242, 65.54.230.248, 65.54.231.240, 65.54.231.248, 207.46.110.0/24, 207.68.0.0/16, 213.199.150.90 }
table <hostname_MSN> const { gateway.messenger.hotmail.com, v6.messenger.msn.com, messenger.latam.msn.com, messenger.msn.it, messenger.hotmail.com, messenger.msn.com, nexus.passport.com, login.passport.com, login.passport.net }
# Yahoo Messenger
table <Yahoo_Messenger> persist { 216.136.233.129/32, 216.136.226.208/32, 216.136.233.128/32, 216.136.130.46/32, 216.136.174.145/32, 216.136.225.36/32, 216.136.225.83/32, 216.136.225.84/32, 216.136.226.117/32, 216.136.226.118/32, 216.136.227.167/32 }
# ICQ 2000
table <ICQ> persist { 205.188.0.0/16, 64.12.0.0/16 }

block return-rst in log quick on $ext_if inet proto { tcp, udp } from { <MSN_Messenger>, <hostname_MSN>, <Yahoo_Messenger>, <ICQ> } to any flags S/SA

But someone tapped his feet, since login.passport.* is used by both Hotmail
and MSN Messenger, and they can't access Hotmail's webmail. Any
hints? TIA.

-- 
Pierluigi De Rosa (thorin_(_at_)_durin_(_dot_)_khazad-dum_(_dot_)_net).


