Q: Linux Firewall iptables - Want to block MSN Messenger (Answered, 4 out of 5 stars, 2 Comments)
Question  
Subject: Linux Firewall iptables - Want to block MSN Messenger
Category: Computers > Security
Asked by: zekise-ga
List Price: $2.00
Posted: 18 May 2005 16:26 PDT
Expires: 17 Jun 2005 16:26 PDT
Question ID: 523109
How do I block MSN Messenger (also MS Messenger) from going through my
home Linux gateway firewall iptables - so my kids concentrate on
homework?

The gateway is Linux RedHat 9, Linux 2.4.9. device eth0 is internal,
eth1 is Internet. Firewall is iptables, loaded at rc.local time.

I wish to block all Messenger packets, and if possible get a log as well.

Example I found for ICQ blocking:
iptables -A FORWARD -p tcp -s 10.10.0.0/16 -o $EXT --dport 4000 -j DROP

thank you very much

Request for Question Clarification by denco-ga on 18 May 2005 20:00 PDT
Howdy zekise-ga,

Give the following a try.  As ports, etc. seem to change on MSN Messenger,
I thought you should give these a try, and if they work I can post this as
an answer.  Thanks!

iptables -A FORWARD -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.0/25 -j DROP
iptables -A FORWARD -d 207.46.104.20 -j DROP

Looking Forward, denco-ga - Google Answers Researcher

Clarification of Question by zekise-ga on 23 May 2005 21:50 PDT
Hi denco-ga - thanks for your reply.

I tried this, but I am not sure if it has blocked MSN Messenger or
not. I don't have MSN myself and don't know of anyone I can test with,
so I cannot really test it.  Could you please tell me how to test this
by observing actual packets going through and/or getting dropped? I
have used netstat before - but I need to monitor/log each packet going
through the /dev/eth1 port. Is there any way to log all packet headers
going through this port, and also log dropped or blocked ones?  Thanks

Request for Question Clarification by denco-ga on 25 May 2005 09:53 PDT
The suggestion provided by linuxgeeknerd-ga in the comments looks to be
a good one (thanks!) so you might want to try that.

Looking Forward, denco-ga - Google Answers Researcher

Clarification of Question by zekise-ga on 31 May 2005 02:41 PDT
I managed to test the iptables directive and it works.

It stops MSN from logging into the server and establishing a presence.

Thanks so much denco-ga.

Also I will try the logging by LinuxGeekNerd - thanks

zekise
Answer  
Subject: Re: Linux Firewall iptables - Want to block MSN Messenger
Answered By: denco-ga on 07 Jun 2005 16:00 PDT
Rated: 4 out of 5 stars
 
Howdy zekise-ga,

Glad to hear the following worked to block Messenger for you.

iptables -A FORWARD -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.0/25 -j DROP
iptables -A FORWARD -d 207.46.104.20 -j DROP


Search strategy:

Google search on: iptables Messenger block
http://www.google.com/search?q=iptables+Messenger+block

Prior IP tables configuration experience.

Looking Forward, denco-ga - Google Answers Researcher
zekise-ga rated this answer: 4 out of 5 stars
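
The answer's three rules again, as an added example that is not part of denco-ga's answer: scoped to the asker's LAN-to-Internet direction (eth0 in, eth1 out) and each preceded by a rate-limited LOG rule so blocked attempts show up in syslog. The interface names, the dry-run default and the assumption that the addresses from the answer are still current are mine.

```shell
#!/bin/sh
# Added example: the answer's three rules, scoped to LAN->Internet traffic on the
# asker's interfaces and each preceded by a rate-limited LOG rule.
# Assumptions: eth0 is the LAN side and eth1 the Internet side (as in the question),
# and the addresses below (taken from the answer) are still current.
INT_IF=${INT_IF:-eth0}
EXT_IF=${EXT_IF:-eth1}

# Dry run by default: print the commands instead of applying them.
# Apply with:  IPT=/sbin/iptables sh msn-block.sh   (the file name is hypothetical)
dryrun() { printf 'iptables %s\n' "$*"; }
IPT=${IPT:-dryrun}

MSN_PORT=1863                              # MSN notification/switchboard port
MSN_NETS="207.46.110.0/25 207.46.104.20"   # server addresses named in the answer

# log_then_drop MATCH...: log matching forwarded packets (at most 5 per minute,
# so a chatty client cannot flood syslog), then drop them.
# Level info rather than debug so Red Hat's stock syslog.conf
# (*.info -> /var/log/messages) keeps the entries without any change.
# Note: -A appends; if FORWARD already ends in a catch-all ACCEPT, these rules
# must be inserted (-I) ahead of it or they will never be reached.
log_then_drop() {
    "$IPT" -A FORWARD -i "$INT_IF" -o "$EXT_IF" "$@" \
        -m limit --limit 5/min -j LOG --log-level info --log-prefix "MSN-DROP: "
    "$IPT" -A FORWARD -i "$INT_IF" -o "$EXT_IF" "$@" -j DROP
}

# msn_block: one LOG+DROP pair for the port, one for each server network
msn_block() {
    log_then_drop -p tcp --dport "$MSN_PORT"
    for net in $MSN_NETS; do
        log_then_drop -d "$net"
    done
}

msn_block
```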

Comments  
Subject: Re: Linux Firewall iptables - Want to block MSN Messenger
From: linuxgeeknerd-ga on 25 May 2005 05:19 PDT
 
You should replace "-j DROP" by "-j LOG --log-level debug" and look at
the file you have configured in syslog.conf.
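
Added example, not part of linuxgeeknerd-ga's comment: a small shell summary of what such LOG entries show per LAN host, which answers the "how do I see what got dropped" question above. It assumes the LOG rule was given --log-prefix "MSN-DROP: " and that syslog.conf sends kernel messages to /var/log/messages; the log lines inside it are constructed, not captured from a real gateway.

```shell
#!/bin/sh
# Added example: summarise what the LOG rule records, one line per LAN host.
# Assumes the LOG rule used --log-prefix "MSN-DROP: "; the field layout
# (IN= OUT= SRC= DST= ... DPT=) is what the iptables LOG target writes via syslog.
LOGFILE=${LOGFILE:-/var/log/messages}   # wherever syslog.conf sends kern.* messages

# Constructed sample lines standing in for the real log (not from a real gateway).
sample_log() {
cat <<'EOF'
May 25 05:19:02 gw kernel: MSN-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=207.46.104.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=1025 DPT=1863 WINDOW=5840 RES=0x00 SYN URGP=0
May 25 05:19:05 gw kernel: MSN-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=207.46.104.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1235 DF PROTO=TCP SPT=1026 DPT=1863 WINDOW=5840 RES=0x00 SYN URGP=0
May 25 05:20:11 gw kernel: MSN-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.22 DST=207.46.110.17 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=7788 DF PROTO=TCP SPT=3344 DPT=1863 WINDOW=5840 RES=0x00 SYN URGP=0
May 25 05:21:00 gw kernel: OTHER-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.22 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9001 DF PROTO=TCP SPT=3350 DPT=4000 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# msn_drop_summary < log: prints "SRC attempts first-DST:DPT" for each LAN host,
# ignoring entries written by other LOG rules (different prefix).
msn_drop_summary() {
    grep 'MSN-DROP:' | awk '
        { src = dst = dpt = ""
          for (i = 1; i <= NF; i++) {
              if ($i ~ /^SRC=/) src = substr($i, 5)
              if ($i ~ /^DST=/) dst = substr($i, 5)
              if ($i ~ /^DPT=/) dpt = substr($i, 5)
          }
          n[src]++
          if (!(src in first)) first[src] = dst ":" dpt
        }
        END { for (h in n) print h, n[h], first[h] }' | sort
}

# Run against the constructed sample; on the gateway use:  msn_drop_summary < "$LOGFILE"
sample_log | msn_drop_summary
```

With Red Hat's stock syslog.conf only *.info and above reach /var/log/messages, so entries logged at --log-level debug need a kern.debug line in syslog.conf (or log at level info) before they appear there.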
Subject: Best way to block MSN Messenger
From: skyfly-ga on 10 Oct 2005 08:04 PDT
 
Using a Linux firewall (IPTABLES in my case), first of all you need to
have a running copy of squid which you make transparent for your local
LAN. Add this to your squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

And this to your IPTABLES:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80

...where eth0 is your external interface and eth1 your internal.

Next you need to DROP or REJECT all instant messenger software ports
in your IPTABLES. The port for MSN Messenger is 1863, thus add this to
IPTABLES:

iptables -I FORWARD -p tcp --dport 1863 -j REJECT

Next, create an ACL in your squid.conf file for MSN Messenger and deny
access for it:

acl MSN-Mess dst 64.4.13.0/24 152.163.241.0/24 64.12.163.0/24 207.46.110.0/24 207.46.1.0/24 65.54.0.0/16
http_access deny MSN-Mess

That's it. Easy as pie.
You can do the same to other instant messaging software too. Here are a few ACLs:

# Yahoo Messenger service
acl Yahoo-Mess dst 24.71.200.68/32 204.71.202.73/32 204.71.200.0/24 204.71.177.35/32 204.71.202.59/32 204.71.202.58/32 216.115.105.214/32 204.71.201.47/32 204.71.201.48/32 216.115.105.215/32 216.136.172.221/32
# a dst ACL takes addresses only, so the domain wildcard goes in a dstdomain ACL
acl Yahoo-Mess-dom dstdomain .msg.yahoo.com
http_access deny Yahoo-Mess
http_access deny Yahoo-Mess-dom
# AOL and ICQ service
acl ICQ-Mess dst 64.12.200.89/32 205.188.153.121/32 205.188.179.233/32 64.12.161.153/32 64.12.161.185/32
http_access deny ICQ-Mess
# Trillian service
acl Trillian-Mess dst 66.216.70.167/32
http_access deny Trillian-Mess
