[TriLUG] OT - limiting access to destination ports

Robert Dale robdale at gmail.com
Wed Apr 23 16:35:46 EDT 2008


I don't know _how_ to do this on _BSD_ - linux, yes ;) - but
conceptually, you create some outgoing rules like

allow 80
allow 443
deny all

On Wed, Apr 23, 2008 at 4:22 PM, Christopher L Merrill
<chris at webperformance.com> wrote:
> I want to block the Flash player in IE (on XP) from connecting to anything
>  other than ports 80 and 443 on the destination servers.  Note this is for
>  testing some specific stuff - the goal is to force flash to use these ports
>  instead of other ports for streaming video.  I haven't found a way for
>  Windows Firewall to do this. I've tried TCP/IP port-filtering - but haven't
>  found the magic combination that blocks the videos but allows the browser
>  to operate.
>
>  At my disposal, we have a BSD firewall in the office that all our machines
>  are sitting behind.  In addition, I have a Linux machine that is configured
>  with Apache and mod_proxy.  At home, I'm behind a Linsys WRT54 (stock firmware).
>
>  Note that this need only be a temporary solution - something I can turn
>  on for a few minutes for testing and then turn off - so preventing
>  _anything_ on our network from connection to anything besides ports
>  80 and 443 would be acceptable as long as the browser is still functional
>  (I guess that implies DNS queries would need to get through as well?)
>  I think I can determine which destination IPs I want to block, so
>  a solution that is limited to a few IPs would work, too.  If the solution
>  was only functional for a specific source IP address, that would work, too.
>
>  Any suggestions how I might accomplish my goal (in 2 hours or less)?
>
>
>
>
>  --
>  ------------------------------------------------------------------------ -
>  Chris Merrill                           |  Web Performance, Inc.
>  chris at webperformance.com                |  http://webperformance.com
>  919-433-1762                            |  919-845-7601
>
>  Website Load Testing and Stress Testing Software & Services
>  ------------------------------------------------------------------------ -
>  --
>  TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>  TriLUG Organizational FAQ  : http://trilug.org/faq/
>  TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>



More information about the TriLUG mailing list