[TriLUG] OT - limiting access to destination ports

Christopher L Merrill chris at webperformance.com
Wed Apr 23 16:22:02 EDT 2008


I want to block the Flash player in IE (on XP) from connecting to anything
other than ports 80 and 443 on the destination servers.  Note this is for
testing some specific stuff - the goal is to force Flash to use these ports
instead of other ports for streaming video.  I haven't found a way for
Windows Firewall to do this. I've tried TCP/IP port-filtering - but haven't
found the magic combination that blocks the videos but allows the browser
to operate.

At my disposal, we have a BSD firewall in the office that all our machines
are sitting behind.  In addition, I have a Linux machine that is configured
with Apache and mod_proxy.  At home, I'm behind a Linksys WRT54 (stock firmware).

Note that this need only be a temporary solution - something I can turn
on for a few minutes for testing and then turn off - so preventing
_anything_ on our network from connecting to anything besides ports
80 and 443 would be acceptable as long as the browser is still functional
(I guess that implies DNS queries would need to get through as well?)
I think I can determine which destination IPs I want to block, so
a solution that is limited to a few IPs would work, too.  If the solution
was only functional for a specific source IP address, that would work, too.

Any suggestions how I might accomplish my goal (in 2 hours or less)?




-- 
------------------------------------------------------------------------ -
Chris Merrill                           |  Web Performance, Inc.
chris at webperformance.com                |  http://webperformance.com
919-433-1762                            |  919-845-7601

Website Load Testing and Stress Testing Software & Services
------------------------------------------------------------------------ -


