xisto Community
jedipi

Question About Blocking Msn In Linux


I am trying to block MSN. The following is my config:

CONSOLE
iptables -A FORWARD -d gateway.messenger.hotmail.com -j DROP
iptables -A FORWARD --protocol tcp --dport 1863 -j REJECT --reject-with tcp-reset
for i in `cat /etc/msnserverlist`;do /sbin/iptables -A FORWARD -d $i -j DROP;done
for i in `cat /etc/msnserverlist`;do /sbin/iptables -A FORWARD -s $i -j DROP;done

msnserverlist:
207.46.4.55
207.46.4.161
207.46.0.74
207.46.4.40
207.46.6.101
207.46.4.93
207.46.4.38
207.46.0.48
207.46.0.144
207.46.4.59
207.46.6.29
207.46.6.176
207.46.0.22
207.46.0.54
65.54.239.20
207.46.0.92
207.46.0.68
207.46.0.46
207.46.6.186
207.46.2.161
207.46.0.81
207.46.6.201
65.54.239.140
207.46.0.96
61.129.45.63
207.46.0.57
207.46.0.75
207.46.0.83
207.46.0.151
207.46.0.147

iptables -A FORWARD -d 64.4.12.200 -p udp --dport 7001 -j DROP
iptables -A FORWARD -d 64.4.12.201 -p udp --dport 7001 -j DROP
iptables -A FORWARD -d 65.54.226.247 -p udp --dport 443 -j DROP
iptables -A FORWARD -d 207.46.104.20 -p udp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.106.99 -p udp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.254 -p udp --dport 80 -j DROP

iptables -A FORWARD -s 64.4.12.200 -p udp --sport 7001 -j DROP
iptables -A FORWARD -s 64.4.12.201 -p udp --sport 7001 -j DROP
iptables -A FORWARD -s 65.54.226.247 -p udp --sport 443 -j DROP
iptables -A FORWARD -s 207.46.104.20 -p udp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.106.99 -p udp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.110.254 -p udp --sport 80 -j DROP

iptables -A FORWARD -d 64.4.12.200 -p tcp --dport 7001 -j DROP
iptables -A FORWARD -d 64.4.12.201 -p tcp --dport 7001 -j DROP
iptables -A FORWARD -d 65.54.226.247 -p tcp --dport 443 -j DROP
iptables -A FORWARD -d 207.46.104.20 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.106.99 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.254 -p tcp --dport 80 -j DROP

iptables -A FORWARD -s 64.4.12.200 -p tcp --sport 7001 -j DROP
iptables -A FORWARD -s 64.4.12.201 -p tcp --sport 7001 -j DROP
iptables -A FORWARD -s 65.54.226.247 -p tcp --sport 443 -j DROP
iptables -A FORWARD -s 207.46.104.20 -p tcp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.106.99 -p tcp --sport 1863 -j DROP
iptables -A FORWARD -s 207.46.110.254 -p tcp --sport 80 -j DROP

But they do not work. MSN still can connect to the server. Does anyone know how to block it??
Notice from moonwitch:
put console tag in, adjusted credits


First of all: USE THE QUOTES OR CONSOLE! Secondly, instead of listing the long list of each server, use 207.46.*.*


I'm not 100%, but don't all the MSN servers use the same port (or same range of ports)?
You may have more luck blocking TCP packets in state NEW to MSN server ports.

iptables -A FORWARD -p tcp --dport <msn_server_port_range> -m state --state NEW -j DROP

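A dry-run sketch of the two suggestions above (a wildcard range instead of a per-server list, and dropping NEW TCP connections to the messenger port), added here as an example and not part of any post in the thread. It assumes a hypothetical chain name MSNBLOCK, takes port 1863 from the original post's rules, and writes 207.46.*.* as the CIDR 207.46.0.0/16 because iptables -s/-d take an address, network/mask or hostname; it only prints the commands.

```shell
# Added example: prints an iptables rule set for review; it applies nothing.
CHAIN=MSNBLOCK   # hypothetical chain name chosen for this example

# Convert "a.b.c.d" or a trailing-wildcard form such as "207.46.*.*" to CIDR.
# Returns 1 for anything else (hostnames, run-together addresses, bad octets).
to_cidr() {
    old_ifs=$IFS; IFS=.
    set -f                      # stop the shell from globbing the "*" octets
    set -- $1
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    net=; bits=0; wild=0
    for o in "$@"; do
        if [ "$o" = "*" ]; then
            wild=1; o=0
        else
            [ "$wild" -eq 0 ] || return 1      # digits after a wildcard: not a prefix
            case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
            [ "$o" -le 255 ] || return 1
            bits=$((bits + 8))
        fi
        net="${net:+$net.}$o"
    done
    [ "$bits" -gt 0 ] || return 1              # refuse *.*.*.* (would match everything)
    echo "$net/$bits"
}

# Print the commands for the list file given as $1.
emit_rules() {
    echo "iptables -N $CHAIN"
    # Rules match in order: the jump goes in at position 1, ahead of any earlier ACCEPT.
    echo "iptables -I FORWARD 1 -j $CHAIN"
    echo "iptables -A $CHAIN -p tcp --dport 1863 -m state --state NEW -j DROP"
    while read -r entry; do
        case "$entry" in ''|'#'*) continue ;; esac
        if cidr=$(to_cidr "$entry"); then
            echo "iptables -A $CHAIN -d $cidr -j DROP"
            echo "iptables -A $CHAIN -s $cidr -j DROP"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done < "$1"
}

# Constructed sample list: the wildcard from the thread plus two made-up entries.
sample=$(mktemp)
printf '%s\n' '207.46.*.*' '192.0.2.10' '192.0.2.10198.51.100.7' > "$sample"
emit_rules "$sample"; rm -f "$sample"
```

Whether rules in FORWARD are being hit at all shows up in the packet counters printed by iptables -L FORWARD -v -n --line-numbers.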

Thanks moonwitch for adding the console tag. I did try to add it before I clicked the post button, but it did look good in preview (even now). --- 1 line statement becomes 2 lines. That's why I did do that. And thanks for the suggestion... however, the problem still remains. MSN can still get online. Any other ideas???


Why would you ever need to block MSN? Do you just not want Windows users to be able to connect to your server or something?

1. Did you ever think about that every single message goes through the m$ servers? And that privacy is a rare thing there?
2. Ever thought that if at work, everyone's nudging and msg'ing each other, would there be any work done?
3. You are confused, this has nothing to do with windows/linux, it's the PROTOCOL

[wha?]
4. MSN is the lamest protocol ever and GAIM ownzz it's sorry *bottom*?
[/wha?]


I see. You're one of those evil bosses who wants to control everything your employees do and prevent them from using the internet for anything other than stock quotes and stuff.

Notice from qwijibow:
Your first post in this thread was tolerated, but this is just pointless spam/flamebait. Please keep your posts relevant to the topic.

