Thread: MSN blocking

  1. #1

    MSN blocking

    I was able to block MSN completely via iptables:
    Code:
    # MSN blocking
    iptables -A FORWARD -d cs.yahoo.com -j DROP
    iptables -A FORWARD -d scsa.yahoo.com -j DROP
    iptables -A FORWARD -d scs.yahoo.com -j DROP
    iptables -A FORWARD -d scs-fooe.yahoo.com -j DROP
    iptables -A FORWARD -p tcp --dport 1863 -j DROP
    iptables -A FORWARD -d 207.46.110.0/25 -j DROP
    iptables -A FORWARD -d 207.46.104.20 -j DROP
    iptables -A FORWARD -d 63.216.136.22     -j DROP
    iptables -A FORWARD -d 66.135.224.142    -j DROP
    iptables -A FORWARD -d 66.136.175.132    -j DROP
    iptables -A FORWARD -d 66.163.168.105    -j DROP
    iptables -A FORWARD -d 66.163.172.117    -j DROP
    iptables -A FORWARD -d 66.163.173.76     -j DROP
    iptables -A FORWARD -d 66.163.173.77     -j DROP
    iptables -A FORWARD -d 66.163.173.78     -j DROP
    iptables -A FORWARD -d 66.163.173.203    -j DROP
    iptables -A FORWARD -d 66.163.175.128    -j DROP
    iptables -A FORWARD -d 66.163.178.78     -j DROP
    iptables -A FORWARD -d 204.71.200.36     -j DROP
    iptables -A FORWARD -d 204.71.200.37     -j DROP
    iptables -A FORWARD -d 204.71.201.134    -j DROP
    iptables -A FORWARD -d 204.71.201.141    -j DROP
    iptables -A FORWARD -d 216.136.173.172   -j DROP
    iptables -A FORWARD -d 216.136.173.179   -j DROP
    iptables -A FORWARD -d 216.136.175.132   -j DROP
    iptables -A FORWARD -d 216.136.175.142   -j DROP
    iptables -A FORWARD -d 216.136.175.143   -j DROP
    iptables -A FORWARD -d 216.136.175.144   -j DROP
    iptables -A FORWARD -d 216.136.175.145   -j DROP
    iptables -A FORWARD -d 216.136.175.226   -j DROP
    iptables -A FORWARD -d 216.136.224.134   -j DROP
    iptables -A FORWARD -d 216.136.224.142   -j DROP
    iptables -A FORWARD -d 216.136.224.213   -j DROP
    iptables -A FORWARD -d 216.136.224.214   -j DROP
    iptables -A FORWARD -d 216.136.225.12    -j DROP
    iptables -A FORWARD -d 216.136.226.117   -j DROP
    iptables -A FORWARD -d 216.136.226.118   -j DROP
    iptables -A FORWARD -d 216.136.226.209   -j DROP
    iptables -A FORWARD -d 216.136.226.210   -j DROP
    iptables -A FORWARD -d 216.136.227.168   -j DROP
    iptables -A FORWARD -d 216.136.233.129   -j DROP
    iptables -A FORWARD -d 216.136.233.130   -j DROP
    iptables -A FORWARD -d 216.136.233.131   -j DROP
    iptables -A FORWARD -d 216.136.233.133   -j DROP
    iptables -A FORWARD -d 216.136.233.135   -j DROP
    iptables -A FORWARD -d 216.136.233.148   -j DROP
    iptables -A FORWARD -d 216.136.233.151   -j DROP
    iptables -A FORWARD -d 216.136.233.152   -j DROP
    iptables -A FORWARD -d 207.46.104.20 -j DROP
    iptables -A FORWARD -d 207.46.110.48 -j DROP
    iptables -A FORWARD -d 195.33.103.52 -j DROP
    iptables -A FORWARD -d 207.46.110.254 -j DROP
    iptables -A FORWARD -d 213.199.154.54 -j DROP
    iptables -A FORWARD -d 216.178.160.34 -j DROP
    iptables -A FORWARD -d 207.68.178.239 -j DROP
    iptables -A FORWARD -d 213.199.154.11 -j DROP
    iptables -A FORWARD -d 213.249.102.94 -j DROP
    iptables -A FORWARD -d 194.130.106.132 -j DROP

  2. #2
    nice...
    but don't you just need 2 or 3 ports that have to be blocked?
    and btw... ppl can still connect to something called e-buddy or something similar.

    every time I see an admin trying to block out msn completely, it somehow always fails, there is always an alternative service that lets you connect to msn.

  3. #3
    <<According to Microsoft support website, to block MSN, you take either outbound access to TCP port 1863, and outbound HTTP access to messenger.hotmail.com.>> Source: http://www.sfu.ca/~vwchu/blockmsn.html

  4. #4
    I did try this- http://dumy.wiki.ptt.cc/-IpTable

    Code:
    iptables -I FORWARD -d login.oscar.aol.com -j DROP 
    iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP 
    iptables -I FORWARD -d messenger.hotmail.com -j DROP 
    iptables -I FORWARD -d messenger.msn.com -j DROP 
    iptables -I FORWARD -d rad.msn.com -j DROP 
    iptables -I FORWARD -d passport.com -j DROP 
    iptables -I FORWARD -d glogin.icq.com -j DROP
    iptables -I FORWARD -d http.proxy.icq.com -j DROP
    iptables -I FORWARD -d icq.mirabilis.com -j DROP
    iptables -I FORWARD -d msg.edit.yahoo.com -j DROP
    iptables -I FORWARD -d messenger.yahoo.com -j DROP
    and http://www.linuxforums.org/forum/lin...messenger.html

    Code:
    iptables -A INPUT -s 192.168.1.0/24 -j DROP -p tcp -i vlan1
    iptables -A INPUT -s 192.168.1.0/24 -j DROP -p udp -i vlan1
    #allow only http traffic
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 80
    #allow only https traffic
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 443
    #allow only mail imap
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 143
    #allow only mail smtp
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 25
    #allow only mail pop3
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 110
    #allow only RDP
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 3389
    #allow only VNC
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 5900
    #allow only VNC through web
    iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT -p tcp -i vlan1 --dport 5800
    And still could not block it...

    They did it here with layer7:

    http://forum.openwrt.org/viewtopic.php?id=15292

    Is there any chance to have layer7 running with latest Oleg's firmware?
    Last edited by sonice; 21-12-2008 at 04:27.

  5. #5
    It looks like I finally did it... http://fbq.hamal.nl/blobs/fwrules

    This will block it:

    Code:
    iptables -A FORWARD -d 65.54.179.203 -j DROP
    iptables -A FORWARD -d 65.54.208.221 -j DROP
    iptables -A FORWARD -d 64.4.13.0/24 -j DROP
    iptables -A FORWARD -d 64.4.13.0/24 -j DROP
    iptables -A FORWARD -d 64.12.163.0/24 -j DROP
    iptables -A FORWARD -d 65.54.0.0/16 -j DROP
    iptables -A FORWARD -d 152.163.241.0/24 -j DROP
    iptables -A FORWARD -d 207.46.1.0/24 -j DROP
    iptables -A FORWARD -d 207.46.110.0/24 -j DROP
    iptables -A FORWARD -d 80.67.86.64/28 -j DROP
    iptables -A FORWARD -d 193.238.160.0/24 -j DROP
    iptables -A FORWARD -d 66.150.161.128/28 -j DROP
    iptables -A FORWARD -d 69.25.27.160/28 -j DROP
    iptables -A FORWARD -d 216.129.112.0/24 -j DROP
    iptables -A FORWARD -d 65.19.140.246/24 -j DROP
    iptables -A FORWARD -d 216.32.64.0/19 -j DROP
    iptables -A FORWARD -d 209.67.208.0/20 -j DROP
    iptables -A FORWARD -d 72.232.0.0/16 -j DROP
    iptables -A FORWARD -d 72.36.128.0/17 -j DROP
    iptables -A FORWARD -d 194.109.193.71 -j DROP
    iptables -A FORWARD -d 72.36.128.0/17 -j DROP
    Last edited by sonice; 21-12-2008 at 05:08.

  6. #6
    There are so many lines...
    I need them to work within certain times.
    Is there any other way than:
    --timestart 23:30:00 --timestop 06:00:00 --days Mon,Tue,Wed,Thu,Fri,
    How can I activate these with cron?
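
One way to do what post #6 asks, as an added example that is not from any poster in this thread: keep the block rules in a single user-defined chain and let cron add or remove one jump to it. The chain name `MSNBLOCK`, the script path in the crontab lines, and the short destination list (a constructed sample drawn from the posts above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. MSNBLOCK and the install path in the
# crontab lines are assumed names.
#
# crontab (assumes blocking from 23:30 to 06:00 on weeknights):
#   30 23 * * 1-5  /usr/local/sbin/msnblock.sh on
#   0  6  * * 2-6  /usr/local/sbin/msnblock.sh off

IPT="${IPT:-iptables}"
CHAIN=MSNBLOCK

# Constructed sample: a few destinations copied from the posts above.
# Hostnames given to -d are resolved once, when the rule is added, so
# rebuilding the chain on every "on" run also refreshes those addresses.
BLOCK_DESTS="messenger.hotmail.com 207.46.110.0/24 65.54.0.0/16 64.4.13.0/24"

# Create the chain (or empty it if it already exists) and fill it.
build_chain() {
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    $IPT -A "$CHAIN" -p tcp --dport 1863 -j DROP
    for dest in $BLOCK_DESTS; do
        $IPT -A "$CHAIN" -d "$dest" -j DROP
    done
}

# Remove every jump to the chain; -D fails once none is left.
block_off() {
    while $IPT -D FORWARD -j "$CHAIN" 2>/dev/null; do :; done
}

# Delete-then-insert keeps exactly one jump however often cron runs this.
block_on() {
    block_off
    $IPT -I FORWARD -j "$CHAIN"
}

case "${1:-}" in
    on)  build_chain && block_on ;;
    off) block_off ;;
esac
```

The time options quoted in post #6 could instead be placed on the single FORWARD jump rather than on every rule, if the firmware's iptables includes the time match.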
