Instant Messaging Woes

daniel danstemporaryaccount-FFYn/CNdgSA at public.gmane.org
Mon Aug 9 19:51:55 UTC 2004


On August 9, 2004 10:49 am, Wil McGilvery wrote:
> Hello Everyone.
>
> I am now in the position of having to regulate Instant Message clients in
> our Network. Does anyone have experience with this?
>
> I would like to:
>
> Use an internal IM system for staff to use.
> Allow certain employees to connect to the outside world.
> Keep track of who they connect to.

I think you should be able to use iptables to block outgoing traffic to any 
server from any port to the MSN port.  Something like this should suffice:

  iptables -A FORWARD -i $LAN_INTERFACE -o $EXT_INTERFACE -p tcp \
    -s $LAN_ADDRESSES --sport $UNPRIVPORTS --dport 1863 -j DROP

  iptables -A FORWARD -i $LAN_INTERFACE -o $EXT_INTERFACE -p tcp \
    -s $LAN_ADDRESSES --sport $UNPRIVPORTS --dport 9000 -j DROP

Of course, a better way would be to use a default DROP policy and accept only 
certain traffic, like any packets from $LAN to $WORLD with a source port of 
$ANYTHING to a destination port of 80, 21, etc. 

-- 
Jubel Early: You're all insane.
      Simon: My sister's a ship. We had a fairly complicated childhood.
	- Jubel Early and Simon, Firefly, "Objects in Space"

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
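
The default-DROP approach suggested in the reply, combined with the
original request to let only certain staff reach outside IM and to keep
track of it, as an added example that is not part of the original post.
The interface names, addresses and approved-host list are constructed
placeholders; the script only prints an iptables-restore ruleset.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the FORWARD chain.
# Every value below is a constructed placeholder, not taken from the post.
LAN_IF="eth1"                  # assumed LAN-facing interface
EXT_IF="eth0"                  # assumed Internet-facing interface
LAN_NET="192.168.1.0/24"       # assumed LAN address range
ALLOWED_PORTS="80,21"          # the ports the reply names as examples
IM_PORT="1863"                 # the MSN port used in the reply's rules
IM_HOSTS="192.168.1.10 192.168.1.11"   # hypothetical approved machines

gen_forward_rules() {
    base="-A FORWARD -i $LAN_IF -o $EXT_IF -p tcp"
    echo "*filter"
    # Default policy: anything not explicitly accepted below is dropped,
    # so IM clients that hop to another port are blocked as well.
    echo ":FORWARD DROP [0:0]"
    # Return traffic for connections that were allowed out.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Allow-list for new outbound connections from the whole LAN.
    echo "$base -s $LAN_NET -m multiport --dports $ALLOWED_PORTS" \
         "-m state --state NEW -j ACCEPT"
    for host in $IM_HOSTS; do
        # LOG does not end rule traversal: each new IM connection is
        # written to the kernel log (source and destination address),
        # then accepted by the rule that follows.
        echo "$base -s $host --dport $IM_PORT -m state --state NEW" \
             "-j LOG --log-prefix \"IM-OUT: \""
        echo "$base -s $host --dport $IM_PORT -m state --state NEW" \
             "-j ACCEPT"
    done
    echo "COMMIT"
}

gen_forward_rules
```

Check the output with iptables-restore --test before loading it; without
--noflush, iptables-restore replaces the existing filter table contents.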




