
[wlug] port 80

Daniel Lawson daniel@m...
Tue Sep 16 09:30:30 NZST 2003


> RH 9, running squid and Dan’s Guardian.
>
> How to block port 80?
>
> Students are bypassing squid and getting straight out to the net.
>
> IPchains was set up originally, but has lost its settings and now does 
> not want to work.
>

Is there any reason your internal machines need to connect to the 
Internet direct? You want to enforce proxy usage for web/ftp traffic, 
are there any legitimate reasons internal machines will have for 
directly traversing your border?

If not, don't set a default route, and don't forward packets for those 
machines. This has the added bonus of stopping any virus propagation (if 
an internal machine gets infected, it won't start connecting to a zillion 
random hosts on the Internet as it doesn't have a default route!).

I do this at one school and it works fine. We have internal mail, and the 
only valid Internet-bound traffic from any of the machines is http/ftp. 
It also stops people using kazaa or instant messenger (until they work 
out to use http proxies for those things, anyway).
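
Added example, not part of the original message: a small shell helper that audits the two conditions the reply relies on (no default route on a client, no forwarding on the proxy box) and prints the gateway commands for review. It uses iptables rather than the ipchains mentioned in the question, and the function names and the `audit`/`rules` arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: check that clients cannot route around the proxy.
# Function names and the audit/rules arguments are illustrative assumptions.

# Reads `ip route show` output on stdin.
# Returns 0 if a default route is present (client could reach the border).
has_default_route() {
    grep -Eq '^(default|0\.0\.0\.0/0)[[:space:]]'
}

# Returns 0 if IPv4 forwarding is on. The optional argument is the file to
# read, so the check can be pointed at a copy of the setting.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Prints (does not apply) the commands for a squid box that must never
# forward LAN traffic. Review the output, then run it as root.
gateway_rules() {
    cat <<'EOF'
sysctl -w net.ipv4.ip_forward=0
iptables -F FORWARD
iptables -P FORWARD DROP
EOF
}

case "${1:-}" in
    audit)
        # Run on a client or on the proxy box itself.
        if ip route show | has_default_route; then
            echo "WARN: default route present"
        else
            echo "ok: no default route"
        fi
        if forwarding_enabled; then
            echo "WARN: ip_forward is 1, this host routes packets"
        else
            echo "ok: forwarding disabled"
        fi
        ;;
    rules)
        gateway_rules
        ;;
esac
```

The FORWARD policy is set to DROP in addition to turning forwarding off, so that re-enabling `ip_forward` by accident does not silently reopen the path.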




NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.
