RES: How to block Kazaa; NIS authentication
Jeff Vian
jvian10 at charter.net
Thu May 6 00:57:39 UTC 2004
Artur Sampaio wrote:
>Ok. Block a specific port is really easy... But the problem is: kazaa
>tries to use the port 1214, but if it's blocked, he use other ports...
>And if i block all other, it uses the port 80, that i can't block, cause
>my users need web.....
>I'm googling for the answer too... If i find something, i put it on the
>list too.
>
>
If I understand this correctly, you are provideing internet connection
to these users.
You should have an Acceptable Use Policy (AUP). Then you can
justifiably deny service to the user who wants Kazaa as long as the AUP
says it is not allowed. Deny service in varying degrees, as
appropriate, maybe even no service if it gets to that and the user does
not comply with your policy.
You are putting an obstacle in the way that he may get around, but
shutting off his service he won't be able to get around. As a famous
president once said "walk softly and carry a big stick". Users usually
comply when they know the rules and the consequences.
Use both methods for better relations.
just my $0.02 on this.
>
>-----Mensagem original-----
>De: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com] Em nome de jludwig
>Enviada em: quarta-feira, 5 de maio de 2004 16:40
>Para: For users of Fedora Core releases
>Assunto: Re: How to block Kazaa; NIS authentication
>
>
>On Wed, 2004-05-05 at 15:03, Markku Kolkka wrote:
>
>
>>Artur Sampaio kirjoitti viestissään (lähetysaika keskiviikko, 5.
>>toukokuuta 2004 21:12):
>>
>>
>>>1) The W2k user insist in use kazaa, that was prohibited from
>>>enterprise's owner.....I wish to block the port of kazaa on the
>>>server (iptables??). someone knows how?
>>>
>>>
>>http://www.linuxjournal.com/article.php?sid=6945
>>
>>--
>> Markku Kolkka
>> markku.kolkka at iki.fi
>>
>>
>Blocking a port with iptables is rather trivial. A couple of examples.
>
>$IPTABLES -A INPUT -p udp --sport 23 -s 0/0 -j LOG --log-prefix \
>"Incorrect DNS source" $IPTABLES -A INPUT -i lo --sport 631 -j ACCEPT
>$IPTABLES -A FORWARD -o $EXTIF -p tcp --dport 137 -j DROP $IPTABLES -A
>FORWARD -o $EXTIF -p tcp --dport 138 -j DROP $IPTABLES -A FORWARD -o
>$EXTIF -p tcp --dport 139 -j DROP
>
>See http://www.linuxguruz.com/iptables/ for more and better information
>
>
More information about the fedora-list
mailing list