Re: RES: How to block Kazaa; NIS authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Artur Sampaio wrote:

Ok. Block a specific port is really easy... But the problem is: kazaa
tries to use the port 1214, but if it's blocked, he use other ports...
And if i block all other, it uses the port 80, that i can't block, cause
my users need web.....
I'm googling for the answer too... If i find something, i put it on the
list too.


If I understand this correctly, you are provideing internet connection to these users.

You should have an Acceptable Use Policy (AUP). Then you can justifiably deny service to the user who wants Kazaa as long as the AUP says it is not allowed. Deny service in varying degrees, as appropriate, maybe even no service if it gets to that and the user does not comply with your policy.

You are putting an obstacle in the way that he may get around, but shutting off his service he won't be able to get around. As a famous president once said "walk softly and carry a big stick". Users usually comply when they know the rules and the consequences.

Use both methods for better relations.

just my $0.02 on this.


-----Mensagem original-----
De: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx] Em nome de jludwig
Enviada em: quarta-feira, 5 de maio de 2004 16:40
Para: For users of Fedora Core releases
Assunto: Re: How to block Kazaa; NIS authentication


On Wed, 2004-05-05 at 15:03, Markku Kolkka wrote:


Artur Sampaio kirjoitti viestissään (lähetysaika keskiviikko, 5.
toukokuuta 2004 21:12):


1) The W2k user insist in use kazaa, that was prohibited from enterprise's owner.....I wish to block the port of kazaa on the server (iptables??). someone knows how?


http://www.linuxjournal.com/article.php?sid=6945

--
Markku Kolkka
markku.kolkka@xxxxxx


Blocking a port with iptables is rather trivial. A couple of examples.

$IPTABLES -A INPUT -p udp --sport 23 -s 0/0 -j LOG --log-prefix \
"Incorrect DNS source" $IPTABLES -A INPUT -i lo --sport 631 -j ACCEPT
$IPTABLES -A FORWARD -o $EXTIF -p tcp --dport 137 -j DROP $IPTABLES -A
FORWARD -o $EXTIF -p tcp --dport 138 -j DROP $IPTABLES -A FORWARD -o
$EXTIF -p tcp --dport 139 -j DROP

See http://www.linuxguruz.com/iptables/ for more and better information




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux