RES: How to block Kazaa; NIS authentication

Jeff Vian jvian10 at charter.net
Thu May 6 00:57:39 UTC 2004 


Artur Sampaio wrote:

>Ok. Block a specific port is really easy... But the problem is: kazaa
>tries to use the port 1214, but if it's blocked, he use other ports...
>And if i block all other, it uses the port 80, that i can't block, cause
>my users need web.....
>I'm googling for the answer too... If i find something, i put it on the
>list too.
>  
>
If I understand this correctly, you are provideing internet connection 
to these users.

You should have an Acceptable Use Policy (AUP).  Then you can 
justifiably deny service to the  user who wants Kazaa as long as the AUP 
says it is not allowed.  Deny service in varying degrees, as 
appropriate, maybe even no service if it gets to that and the user does 
not comply with your policy.

You are putting an obstacle in the way that he may get around, but 
shutting off his service he won't be able to get around.  As a famous 
president once said "walk softly and carry a big stick".  Users usually 
comply when they know the  rules and the consequences.

Use both methods for better relations.

just my $0.02 on this.

>
>-----Mensagem original-----
>De: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com] Em nome de jludwig
>Enviada em: quarta-feira, 5 de maio de 2004 16:40
>Para: For users of Fedora Core releases
>Assunto: Re: How to block Kazaa; NIS authentication
>
>
>On Wed, 2004-05-05 at 15:03, Markku Kolkka wrote:
>  
>
>>Artur Sampaio kirjoitti viestissään (lähetysaika keskiviikko, 5.
>>toukokuuta 2004 21:12):
>>    
>>
>>>1) The W2k user insist in use kazaa, that was prohibited from 
>>>enterprise's owner.....I wish to block the port of kazaa on the 
>>>server (iptables??). someone knows how?
>>>      
>>>
>>http://www.linuxjournal.com/article.php?sid=6945
>>
>>-- 
>>	Markku Kolkka
>>	markku.kolkka at iki.fi
>>    
>>
>Blocking a port with iptables is rather trivial. A couple of examples.
>
>$IPTABLES -A INPUT -p udp --sport 23 -s 0/0 -j LOG --log-prefix \
>"Incorrect DNS source" $IPTABLES -A INPUT -i lo --sport 631 -j ACCEPT
>$IPTABLES -A FORWARD -o $EXTIF -p tcp --dport 137 -j DROP $IPTABLES -A
>FORWARD -o $EXTIF -p tcp --dport 138 -j DROP $IPTABLES -A FORWARD -o
>$EXTIF -p tcp --dport 139 -j DROP
>
>See http://www.linuxguruz.com/iptables/ for more and better information
>  
>

More information about the fedora-list mailing list