View the full version: MSN blocking



sonice
03-11-2008, 02:27
I was able to block MSN completely via iptables:


# MSN blocking
iptables -A FORWARD -d cs.yahoo.com -j DROP
iptables -A FORWARD -d scsa.yahoo.com -j DROP
iptables -A FORWARD -d scs.yahoo.com -j DROP
iptables -A FORWARD -d scs-fooe.yahoo.com -j DROP
iptables -A FORWARD -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.0/25 -j DROP
iptables -A FORWARD -d 207.46.104.20 -j DROP
iptables -A FORWARD -d 63.216.136.22 -j DROP
iptables -A FORWARD -d 66.135.224.142 -j DROP
iptables -A FORWARD -d 66.136.175.132 -j DROP
iptables -A FORWARD -d 66.163.168.105 -j DROP
iptables -A FORWARD -d 66.163.172.117 -j DROP
iptables -A FORWARD -d 66.163.173.76 -j DROP
iptables -A FORWARD -d 66.163.173.77 -j DROP
iptables -A FORWARD -d 66.163.173.78 -j DROP
iptables -A FORWARD -d 66.163.173.203 -j DROP
iptables -A FORWARD -d 66.163.175.128 -j DROP
iptables -A FORWARD -d 66.163.178.78 -j DROP
iptables -A FORWARD -d 204.71.200.36 -j DROP
iptables -A FORWARD -d 204.71.200.37 -j DROP
iptables -A FORWARD -d 204.71.201.134 -j DROP
iptables -A FORWARD -d 204.71.201.141 -j DROP
iptables -A FORWARD -d 216.136.173.172 -j DROP
iptables -A FORWARD -d 216.136.173.179 -j DROP
iptables -A FORWARD -d 216.136.175.132 -j DROP
iptables -A FORWARD -d 216.136.175.142 -j DROP
iptables -A FORWARD -d 216.136.175.143 -j DROP
iptables -A FORWARD -d 216.136.175.144 -j DROP
iptables -A FORWARD -d 216.136.175.145 -j DROP
iptables -A FORWARD -d 216.136.175.226 -j DROP
iptables -A FORWARD -d 216.136.224.134 -j DROP
iptables -A FORWARD -d 216.136.224.142 -j DROP
iptables -A FORWARD -d 216.136.224.213 -j DROP
iptables -A FORWARD -d 216.136.224.214 -j DROP
iptables -A FORWARD -d 216.136.225.12 -j DROP
iptables -A FORWARD -d 216.136.226.117 -j DROP
iptables -A FORWARD -d 216.136.226.118 -j DROP
iptables -A FORWARD -d 216.136.226.209 -j DROP
iptables -A FORWARD -d 216.136.226.210 -j DROP
iptables -A FORWARD -d 216.136.227.168 -j DROP
iptables -A FORWARD -d 216.136.233.129 -j DROP
iptables -A FORWARD -d 216.136.233.130 -j DROP
iptables -A FORWARD -d 216.136.233.131 -j DROP
iptables -A FORWARD -d 216.136.233.133 -j DROP
iptables -A FORWARD -d 216.136.233.135 -j DROP
iptables -A FORWARD -d 216.136.233.148 -j DROP
iptables -A FORWARD -d 216.136.233.151 -j DROP
iptables -A FORWARD -d 216.136.233.152 -j DROP
iptables -A FORWARD -d 207.46.104.20 -j DROP
iptables -A FORWARD -d 207.46.110.48 -j DROP
iptables -A FORWARD -d 195.33.103.52 -j DROP
iptables -A FORWARD -d 207.46.110.254 -j DROP
iptables -A FORWARD -d 213.199.154.54 -j DROP
iptables -A FORWARD -d 216.178.160.34 -j DROP
iptables -A FORWARD -d 207.68.178.239 -j DROP
iptables -A FORWARD -d 213.199.154.11 -j DROP
iptables -A FORWARD -d 213.249.102.94 -j DROP
iptables -A FORWARD -d 194.130.106.132 -j DROP

wpte
03-11-2008, 19:40
nice...
but don't you just need 2 or 3 ports that have to be blocked?:rolleyes:
and btw... ppl can still connect to something called e-buddy or something similar.

every time I see an admin trying to block out msn completely, it somehow always fails, there is always an alternative service that lets you connect to msn.

Tamadite
23-11-2008, 22:56
<<According to Microsoft support website, to block MSN, you take either outbound access to TCP port 1863, and outbound HTTP access to messenger.hotmail.com.>> Source: http://www.sfu.ca/~vwchu/blockmsn.html

sonice
21-12-2008, 03:35
I did try this: http://dumy.wiki.ptt.cc/-IpTable



iptables -I FORWARD -d login.oscar.aol.com -j DROP
iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP
iptables -I FORWARD -d messenger.hotmail.com -j DROP
iptables -I FORWARD -d messenger.msn.com -j DROP
iptables -I FORWARD -d rad.msn.com -j DROP
iptables -I FORWARD -d passport.com -j DROP
iptables -I FORWARD -d glogin.icq.com -j DROP
iptables -I FORWARD -d http.proxy.icq.com -j DROP
iptables -I FORWARD -d icq.mirabilis.com -j DROP
iptables -I FORWARD -d msg.edit.yahoo.com -j DROP
iptables -I FORWARD -d messenger.yahoo.com -j DROP

and http://www.linuxforums.org/forum/linux-security/14489-block-yahoo-messenger.html



iptables -A INPUT -s 192.168.1.0/24 -j DROP -p tcp -i vlan1
iptables -A INPUT -s 192.168.1.0/24 -j DROP -p udp -i vlan1
#allow only http traffic
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 80
#allow only https traffic
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 443
#allow only mail imap
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 143
#allow only mail smtp
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 25
#allow only mail pop3
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 110
#allow only RDP
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 3389
#allow only VNC
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 5900
#allow only VNC through web
iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 5800


And still could not block it...

They did it here with layer7:

http://forum.openwrt.org/viewtopic.php?id=15292

Is there any chance to have layer7 running with Oleg's latest firmware?

sonice
21-12-2008, 04:59
It looks like I finally did it... http://fbq.hamal.nl/blobs/fwrules

This will block it:


iptables -A FORWARD -d 65.54.179.203 -j DROP
iptables -A FORWARD -d 65.54.208.221 -j DROP
iptables -A FORWARD -d 64.4.13.0/24 -j DROP
iptables -A FORWARD -d 64.4.13.0/24 -j DROP
# mask read /247 in the original post, which is not a valid prefix length; /24 assumed
iptables -A FORWARD -d 64.12.163.0/24 -j DROP
iptables -A FORWARD -d 65.54.0.0/16 -j DROP
iptables -A FORWARD -d 152.163.241.0/24 -j DROP
iptables -A FORWARD -d 207.46.1.0/24 -j DROP
iptables -A FORWARD -d 207.46.110.0/24 -j DROP
iptables -A FORWARD -d 80.67.86.64/28 -j DROP
iptables -A FORWARD -d 193.238.160.0/24 -j DROP
iptables -A FORWARD -d 66.150.161.128/28 -j DROP
iptables -A FORWARD -d 69.25.27.160/28 -j DROP
iptables -A FORWARD -d 216.129.112.0/24 -j DROP
iptables -A FORWARD -d 65.19.140.246/24 -j DROP
iptables -A FORWARD -d 216.32.64.0/19 -j DROP
iptables -A FORWARD -d 209.67.208.0/20 -j DROP
iptables -A FORWARD -d 72.232.0.0/16 -j DROP
iptables -A FORWARD -d 72.36.128.0/17 -j DROP
iptables -A FORWARD -d 194.109.193.71 -j DROP
iptables -A FORWARD -d 72.36.128.0/17 -j DROP

http://i135.photobucket.com/albums/q155/sonice2006/msnblocked.jpg

sonice
16-01-2009, 17:37
There are so many lines...
I need them to work within certain times.
Is there any other way than:
--timestart 23:30:00 --timestop 06:00:00 --days Mon,Tue,Wed,Thu,Fri,
How can I activate these with cron?
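
One way to handle the scheduling asked about in the last post, as an added example that is not part of the thread: keep all DROP rules in one user-defined chain and let cron add or remove a single jump from FORWARD. The chain name `MSNBLOCK`, the script path and the `IPT` override are assumptions; the destinations are a few taken from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread). Chain name, script path and the
# IPT override are assumptions; destinations are copied from the posts.
IPT="${IPT:-iptables}"   # set IPT=echo for a dry run
CHAIN="MSNBLOCK"         # hypothetical chain name

# iptables resolves a hostname once, when the rule is added.
DESTS="messenger.hotmail.com gateway.messenger.hotmail.com
207.46.110.0/24 65.54.0.0/16"

# Build or rebuild the chain; nothing is dropped until FORWARD jumps to it.
msn_chain_load() {
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    $IPT -A "$CHAIN" -p tcp --dport 1863 -j DROP
    for d in $DESTS; do
        $IPT -A "$CHAIN" -d "$d" -j DROP
    done
}

# Remove the jump; a missing jump is not an error.
msn_block_off() {
    $IPT -D FORWARD -j "$CHAIN" 2>/dev/null || true
}

# Insert the jump at the top of FORWARD. Calling msn_block_off first
# keeps repeated "on" runs from stacking several jumps.
msn_block_on() {
    msn_block_off
    $IPT -I FORWARD -j "$CHAIN"
}

case "${1:-}" in
    load) msn_chain_load ;;
    on)   msn_block_on ;;
    off)  msn_block_off ;;
esac

# crontab entries for the 23:30-06:00 window on Mon-Fri nights:
# 30 23 * * 1-5  /path/to/msnblock.sh on
# 0  6  * * 2-6  /path/to/msnblock.sh off
```

Run the script with `load` once at boot, before cron fires, because `on` fails if the chain does not exist yet.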