 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] how may I block som packets
 Date:  Sat, 31 Jan 2004 09:09:22 +1000
Hi Lemor,

On Wed, 2004-01-28 at 08:23, Lemor wrote:
> fe. like kaza?

There are a number of things that are easy to block, such as web
traffic, smtp traffic, web traffic to a particular IP address or
network, most IRC servers and so on.  There are a number of things that
are much harder to block, such as MSN Messenger, Kazaa, Yahoo!
Messenger, and so on.

The reason this second class of protocols/applications is harder to
block is that they have been designed to get around firewalls by
dropping back to an often-used port - normally the http port, port 80 -
if their default port range is blocked.  This makes these next to
impossible to block with a simple port filter such as that in m0n0wall,
SmoothWall, IPCop, and anything else using this method.

There are a number of applications - mainly squidGuard and
DansGuardian (also sold as SmoothGuardian/Corporate Guardian) - that can be
run on your squid proxy server to assist in blocking these types of
traffic, and other forms of traffic such as advertising etc.

As m0n0wall is not a web cache (it doesn't run squid), you will
need to have an internal machine that runs squid, that is configured to
block traffic on port 80 to these destinations.

Basically, and unfortunately, it is not that easy to block these



Hilton Travis                   Email: Hilton at QuarkAV dot com
Manager, Quark AudioVisual      Phone: +61-(0)7-3343-3889
         Quark Computers        Phone: +61-(0)419-792-394
(Brisbane, Australia)            http://www.QuarkAV.com/

Open Source Projects:		http://www.ares-desktop.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.
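
Added example (not part of the original message, and not m0n0wall or squid code): a small model of the behaviour described above, where a port-only filter is bypassed by an application that falls back to port 80, while a proxy-style rule keyed on the destination still denies it. The host names, port list and rule sets are constructed for illustration.

```python
# Added illustration; rule format, ports and host names are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    dst_host: str  # destination name as a proxy would see it
    dst_port: int


def port_filter_allows(conn, blocked_ports):
    """Simple port filter: the decision uses only the destination port."""
    return conn.dst_port not in blocked_ports


def proxy_allows(conn, denied_domains):
    """Proxy-style ACL: the decision uses the destination name, on any port."""
    host = conn.dst_host.lower().rstrip(".")
    return not any(host == d or host.endswith("." + d) for d in denied_domains)


def first_working_port(host, candidate_ports, allows):
    """Model an application that walks its port list until one gets through."""
    for port in candidate_ports:
        if allows(Conn(host, port)):
            return port
    return None


# Constructed sample: an application that prefers port 1214, then tries 80.
APP_HOST = "supernode.p2p.example"
APP_PORTS = [1214, 80]
BLOCKED_PORTS = {1214}
DENIED_DOMAINS = {"p2p.example"}


def demo():
    def port_only(c):
        return port_filter_allows(c, BLOCKED_PORTS)

    def port_and_proxy(c):
        return port_only(c) and proxy_allows(c, DENIED_DOMAINS)

    via_port_filter = first_working_port(APP_HOST, APP_PORTS, port_only)
    via_both = first_working_port(APP_HOST, APP_PORTS, port_and_proxy)
    ordinary_web = first_working_port("www.example.org", [80], port_and_proxy)
    return via_port_filter, via_both, ordinary_web


if __name__ == "__main__":
    print(demo())
```

The destination-based rule only takes effect if clients cannot reach port 80 directly, so the firewall would need to allow outbound web traffic from the proxy machine alone.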