Greetings, Merry Christmas to all...
By proxy-based firewalls, do you mean that the internal users on my NATted LAN do not have a default route to the Internet and need to connect to the net using only a proxy (Squid etc.)? Well, that is a bit of a problem, as Squid is there for HTTP only; apart from that, everyone on the LAN needs to be able to connect to the external FTP servers, the upload and MySQL servers for updating things, etc., so it is not a very easy thing to implement.
I have blocked kazaa.com both at the proxy and using BIND (made a new zone kazaa.com and put a * A 127.0.0.1 record in there; internally everyone uses the internal DNSes only). Still, users and myself are able to use Kazaa without the users seeing kazaa.com's homepage, which no one ever saw, too busy to download *.* from the WEB...
I have heard on other lists that there is a way to block Kazaa from network using some sort of Signature filter with IPTables/Chains etc...
Any ideas will be really appreciated....
Thanks
Ripunjay Bararia
-----Original Message-----
From: linuxers-admin@mm.ilug-bom.org.in [mailto:linuxers-admin@mm.ilug-bom.org.in] On Behalf Of Devdas Bhagat
Sent: Tuesday, December 24, 2002 10:35 PM
To: linuxers@mm.ilug-bom.org.in
Subject: Re: [ILUG-BOM] How to Stop Kazaa traffic using IPTables

Kazaa 2 uses dynamic high ports. Use proxy based firewalls to block it, no firewall rules. Oh, and have a policy banning Kazaa on your network, and then fire anyone who violates it.
Devdas Bhagat