
RE: [K12OSN] Instant Messenger



On Thu, 2003-10-02 at 09:49, mike proto wrote:
> I'm not sure if policy routing is available for Linux-based firewalls at
> the moment (at least policy routing that is able to inspect the
> application layer of a packet), [....]

LEAF does. 
http://leaf.sf.net   LEAF is a floppy/CompactFlash/CD based firewall.

I would say any kernel 2.4.x based firewall will do it.  If not, a simple kernel rebuild will suffice.


> but with some application proxies (like
> Squid) you can limit traffic based on criteria obtained from the
> application-layer of the network stack. The trick is you have to force
> your traffic to go through the proxy to get any benefit from
> it. Using transparent proxying with Squid and some firewall rules to
> redirect all HTTP traffic to your proxy server would effectively do this
> for you.
>
> I've never actually blocked IM traffic with Squid, but we have used it in
> the past to limit access to questionable web sites that contained certain
> words. This worked well in that it didn't block access to the entire site,
> just the pages that contained words on our "banned" list. We've also used
> it to limit file size downloading over thin pipes. I believe you would be
> able to block IM traffic in this fashion, or at least block IM users who
> are trying to tunnel IM traffic through HTTP.


probably, but it is not a very complete solution as it still addresses the problem by reference to 'port'.

I think you will find TPs' config to be relatively simple.  If it needs to be customised for individuals, then we may be better to write the script in tcng, which is wayyy more human readable.  The end result is the same, but it may be adjusted more easily, or even front-ended with some GUI tool / script / webpage.




/steve
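
The contrast discussed in this message, port-based matching versus criteria taken from the application layer, shown as an added example that is not part of the original thread. It runs both rules over constructed proxy log lines in Squid's native access.log layout; the port numbers, content type, URL path and host names are illustrative assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed indicators for illustration; adjust to the IM clients actually in use.
IM_PORTS = {1863, 5190}                     # default ports commonly used by IM clients
IM_MIME = {"application/x-msn-messenger"}   # content type seen when IM is tunnelled over HTTP
IM_PATHS = ("/gateway/gateway.dll",)        # URL path of an HTTP IM gateway

# Constructed sample, Squid native log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer content-type
SAMPLE_LOG = """\
1065102540.101 120 10.0.0.21 TCP_MISS/200 5120 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
1065102541.310 95 10.0.0.34 TCP_MISS/200 310 POST http://gateway.example.net/gateway/gateway.dll? - DIRECT/192.0.2.20 application/x-msn-messenger
1065102542.777 80 10.0.0.34 TCP_MISS/200 298 POST http://gateway.example.net/gateway/gateway.dll? - DIRECT/192.0.2.20 application/x-msn-messenger
1065102543.002 15 10.0.0.50 TCP_MISS/200 880 GET http://im.example.com:1863/status - DIRECT/192.0.2.30 text/plain
1065102544.500 3000 10.0.0.50 TCP_MISS/200 4100 CONNECT login.example.com:5190 - DIRECT/192.0.2.40 -
"""

def parse(line):
    """Split one log line into the fields the two rules need."""
    f = line.split()
    if len(f) < 10:
        return None                          # skip truncated or malformed lines
    # CONNECT requests are logged as host:port without a scheme.
    target = "//" + f[6] if f[5] == "CONNECT" else f[6]
    url = urlsplit(target)
    return {"client": f[2], "port": url.port or 80,
            "path": url.path.lower(), "mime": f[9].lower()}

def by_port(req):
    """Port-based rule: only sees traffic that stays on a known IM port."""
    return req["port"] in IM_PORTS

def by_app_layer(req):
    """Application-layer rule: matches IM carried inside ordinary port-80 HTTP."""
    return req["mime"] in IM_MIME or req["path"].startswith(IM_PATHS)

def flag(log, rule):
    """Count requests per client that a rule would have matched."""
    hits = Counter()
    for line in log.splitlines():
        req = parse(line)
        if req and rule(req):
            hits[req["client"]] += 1
    return dict(hits)

if __name__ == "__main__":
    print("port rule:     ", flag(SAMPLE_LOG, by_port))
    print("app-layer rule:", flag(SAMPLE_LOG, by_app_layer))
```

Neither rule sees the other's hits in this sample, and the application-layer rule only has data to work on when the firewall forces client HTTP traffic through the proxy.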

