[TriLUG] OT - limiting access to destination ports

jason tower jtower at cerient.net
Wed Apr 23 19:30:53 EDT 2008


the firewall can block a *host* from making outbound connections to 
![80|443].  but not just flash

Christopher L Merrill wrote:
> I want to block the Flash player in IE (on XP) from connecting to anything
> other than ports 80 and 443 on the destination servers.  Note this is for
> testing some specific stuff - the goal is to force flash to use these ports
> instead of other ports for streaming video.  I haven't found a way for
> Windows Firewall to do this. I've tried TCP/IP port-filtering - but haven't
> found the magic combination that blocks the videos but allows the browser
> to operate.
> 
> At my disposal, we have a BSD firewall in the office that all our machines
> are sitting behind.  In addition, I have a Linux machine that is configured
> with Apache and mod_proxy.  At home, I'm behind a Linksys WRT54 (stock firmware).
> 
> Note that this need only be a temporary solution - something I can turn
> on for a few minutes for testing and then turn off - so preventing
> _anything_ on our network from connecting to anything besides ports
> 80 and 443 would be acceptable as long as the browser is still functional
> (I guess that implies DNS queries would need to get through as well?)
> I think I can determine which destination IPs I want to block, so
> a solution that is limited to a few IPs would work, too.  If the solution
> was only functional for a specific source IP address, that would work, too.
> 
> Any suggestions how I might accomplish my goal (in 2 hours or less)?
> 
> 
> 
> 
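
An illustration of the host-level block described in the reply, added here and not part of the original thread. It assumes the office BSD firewall runs pf (the thread does not say which packet filter is in use); the interface name, the test host address and the anchor name are placeholders.

```pf
# flashtest.conf - constructed example, loaded into its own anchor so it can
# be switched on for a test and removed afterwards without touching the
# main ruleset.
#
# Assumption: the main pf.conf already contains the line
#     anchor "flashtest"
# placed before the rules that normally pass LAN traffic.
#
# Turn on:   pfctl -a flashtest -f /etc/flashtest.conf
# Turn off:  pfctl -a flashtest -F rules

int_if    = "em1"          # placeholder: LAN-facing interface of the firewall
test_host = "192.0.2.10"   # placeholder: address of the XP test machine

# DNS must keep working or the browser cannot resolve anything.
pass in quick on $int_if proto { tcp, udp } from $test_host to any port 53

# The only destination ports the test host may reach.
pass in quick on $int_if proto tcp from $test_host to any port { 80, 443 }

# Everything else from the test host is refused. "block return" answers TCP
# with a RST and UDP with an ICMP unreachable, so the client sees an
# immediate failure instead of waiting for a timeout.
block return in quick on $int_if proto { tcp, udp } from $test_host to any
```

The rules match on source address and destination port only, so they apply to every program on the test host, not just the Flash player.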


