Use the iptables firewall to block QQ and MSN

Source: Internet
Author: User
The current environment is as follows:
Intranet segment: 192.168.10.0/24;
Gateway: 192.168.10.254 (located in the building's property area);
Therefore, you can build your own gateway internally and configure the iptables policy on it.
In the future, the intranet network will be changed to 192.168.9.0/24, and the gateway will be 192.168.9.254.
The steps are as follows:
1. Configure the NIC information of the gateway server:
ifconfig eth0 192.168.10.222   # configure NIC 0
ifconfig eth1 192.168.9.254   # configure NIC 1
route add default gw 192.168.10.254   # configure the default gateway
2. Use iptables to set up NAT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.9.0/24 -j SNAT --to-source 192.168.10.222   # NAT traffic from the 192.168.9.0/24 segment to 192.168.10.222
3. Use iptables to restrict QQ and MSN
The QQ server port is 8000, and the client port is 4000 (4001 when a second QQ is running, and so on).
MSN uses a large number of ports: 1863 is the port required for login and-. The MSN server is gateway.messenger.hotmail.com.
iptables -A FORWARD --protocol udp --dport 8000 -j REJECT   # block the QQ server
iptables -A FORWARD -d gateway.messenger.hotmail.com -j REJECT   # block the MSN server
iptables -A FORWARD --protocol tcp --dport 1863 -j REJECT   # block the MSN client port
Note that iptables resolves the host name once, when the rule is added, and stores the resulting IP addresses; the rule does not follow later DNS changes.
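QQ uses source port 4000 and destination port 8000.
You only need to add one rule to the FORWARD chain:
iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP
Here eth0 is the intranet NIC. On the gateway configured in step 1, the intranet-facing NIC is eth1 (192.168.9.254), so the rule would use -i eth1 there.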
To delete this rule, you only need to enter:
iptables -D FORWARD 1
1 is the rule's sequence number in the FORWARD chain.
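Rule number 1 is correct only when the rule is first in FORWARD; a rule added with -A lands at the end of the chain, so deleting by a guessed number can remove the wrong rule. The following added example (not part of the original article) finds a rule's actual position from iptables-save output; the function name rule_numbers and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not captured from a real host).
# eth1 is assumed to be the intranet-facing NIC, as in step 1.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.9.0/24 -o eth0 -j SNAT --to-source 192.168.10.222
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1863 -j DROP
-A FORWARD -i eth1 -p udp -m udp --dport 8000 -j DROP
COMMIT'

# rule_numbers CHAIN PROTO DPORT
# Reads iptables-save text on stdin and prints the 1-based position(s), within
# CHAIN of the filter table, of rules matching "-p PROTO" and "--dport DPORT".
rule_numbers() {
    awk -v chain="$1" -v proto="$2" -v dport="$3" '
        /^\*/ { cur = substr($0, 2); next }      # "*filter", "*nat", ...
        $1 == "-A" && cur == "filter" && $2 == chain {
            n++                                  # counts rules of this chain only
            p = ""; d = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
            }
            if (p == proto && d == dport) print n
        }'
}

# Demo on the constructed sample: the QQ rule is number 3 here, not 1.
printf '%s\n' "$SAMPLE_RULES" | rule_numbers FORWARD udp 8000

# On a live gateway (as root):
#   iptables-save -t filter | rule_numbers FORWARD udp 8000
# then pass the printed number to: iptables -D FORWARD <number>
```
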
Appendix:
Blocking MSN:
/sbin/iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP
/sbin/iptables -I FORWARD -p tcp --dport 1863 -j DROP