[分享]搭配iptable and acl 擋MSN 及 yahoo messenger 及 big file

[brinkster]

在這找了很多資料受益良多，特別分享我所設定的內容

需求:
1.block MSN
2.block yahoo messenger
3.block big file (*.zip *.mp3 *.exe ...)

做法:
安裝squid and iptable (安裝就不多說了)

設定 squid(squid.conf)
##block MSN

acl msnmessenger req_mime_type ^application/x-msn-messenger$
http_access deny msnmessenger

acl msn dstdomain gateway.messenger.hotmail.com messenger.msn.com msgr.hotmail.com messenger.hotmail.com rad.msn.com assport.c
om messenger.msn
http_access deny msn

##block Yahoo!Messenger

acl yahooip src "/usr/local/squid/etc/denyyahooip"
http_access deny yahooip

acl yahoomsg dstdomain oscar.aol messenger.hotmail messenger.msn login.icq proxy.icq icq.mirabilis edit.yahoo messenger.yahoo
pager.yahoo
http_access deny yahoomsg

#block big file

acl bigfiles urlpath_regex -i "/usr/local/squid/etc/bigfile"
http_access deny bigfiles

設定iptable
#block Yahoo messenger

$IPTABLES -I FORWARD -p tcp --dport 20 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 21 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 23 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 25 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 119 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 135 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 554 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 1755 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 5050 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 5190 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 7070 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 7071 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 8200 -j DROP
$IPTABLES -I FORWARD -p tcp --dport 8554 -j DROP

$IPTABLES -I FORWARD -d msg.edit.yahoo.com -j DROP
$IPTABLES -I FORWARD -d messenger.yahoo.com -j DROP

#Block MSN Message

#$IPTABLES -I FORWARD -p tcp --dport 1863 -j DROP
#$IPTABLES -I FORWARD -d gateway.messenger.hotmail.com -j DROP

補充:
"/usr/local/squid/etc/denyyahooip"
請自行產生一個file，內容如下：
205.188.179.233
205.188.3.160
205.188.3.176
205.188.5.204
205.188.5.208
205.188.7.164
205.188.7.168
205.188.7.172
205.188.7.176
216.136.131.93
216.136.175.142
216.136.175.143
216.136.175.144
216.136.175.145
216.136.224.213
216.136.224.214
216.136.225.11
216.136.225.12
216.136.225.35
216.136.225.36
216.136.225.83
216.136.225.84
216.136.226.117
216.136.226.118
64.12.162.57
64.4.12.0/24
64.4.13.17
64.4.13.223
64.4.13.36
64.4.13.49

"/usr/local/squid/etc/bigfile"
請自行產生一個file，內容如下：
\.exe$ \.mp3$ \.vqf$ \.tar$ \.gz$ \.gz$ \.rpm$ \.zip$ \.rar$ \.avi$ \.mpeg$ \.mpe$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.raw$ \.wav$ \.mov$ \.exe. \.mp3. \.vqf. \.tar. \.gz. \.gz. \.rpm. \.zip. \.rar. \.avi. \.mpeg. \.mpe. \.mpg. \.qt. \.ram. \.rm. \.iso. \.raw. \.wav. \.mov.

以上都是我所找出來的資料，經過測試也都正常