[TriLUG] OT - limiting access to destination ports

Nick Goldwater trilug at dogstar1.com
Wed Apr 23 16:33:07 EDT 2008 

I have been meaning to look at http://www.nufw.org/-English-.html but have yet to do so.
It may be able to do what you are looking for although filtering a sub-application may be beyond its scope.
Nick


----- "Christopher L Merrill" <chris at webperformance.com> wrote:

| I want to block the Flash player in IE (on XP) from connecting to
| anything
| other than ports 80 and 443 on the destination servers.  Note this is
| for
| testing some specific stuff - the goal is to force flash to use these
| ports
| instead of other ports for streaming video.  I haven't found a way
| for
| Windows Firewall to do this. I've tried TCP/IP port-filtering - but
| haven't
| found the magic combination that blocks the videos but allows the
| browser
| to operate.
| 
| At my disposal, we have a BSD firewall in the office that all our
| machines
| are sitting behind.  In addition, I have a Linux machine that is
| configured
| with Apache and mod_proxy.  At home, I'm behind a Linsys WRT54 (stock
| firmware).
| 
| Note that this need only be a temporary solution - something I can
| turn
| on for a few minutes for testing and then turn off - so preventing
| _anything_ on our network from connection to anything besides ports
| 80 and 443 would be acceptable as long as the browser is still
| functional
| (I guess that implies DNS queries would need to get through as well?)
| I think I can determine which destination IPs I want to block, so
| a solution that is limited to a few IPs would work, too.  If the
| solution
| was only functional for a specific source IP address, that would work,
| too.
| 
| Any suggestions how I might accomplish my goal (in 2 hours or less)?
| 
| 
| 
| 
| -- 
| ------------------------------------------------------------------------
| -
| Chris Merrill                           |  Web Performance, Inc.
| chris at webperformance.com                |  http://webperformance.com
| 919-433-1762                            |  919-845-7601
| 
| Website Load Testing and Stress Testing Software & Services
| ------------------------------------------------------------------------
| -
| -- 
| TriLUG mailing list        :
| http://www.trilug.org/mailman/listinfo/trilug
| TriLUG Organizational FAQ  : http://trilug.org/faq/
| TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

More information about the TriLUG mailing list