
Thread: blocking games with squid

  1. #1
    Join Date
    Aug 2012
    Beans
    47

    blocking games with squid

    I want to block all access to games on a network with squid, but I'm not sure how to do that. I'm not sure if there is something in squid to block a GET that contains the word "game", and any kind of applications related to games. Is squid capable of this? Or will I have to do that with iptables? If so, how can I do that?

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: blocking games with squid

    There is no simple answer for this question.

    I've seen that some routers have the ability to block specific protocols; that would be a place to start. You can block different gaming IP subnets - perhaps where the controller is located network-wise; that should help.

    I'd start with some research -
    * what games are being played that you want to block,
    * which protocols are used for those games
    * can you build/create a rule to block the entire protocol without impacting anything else?

    In the end, with hard work and lots of effort, you'll be left with flash-based games still available. How to block those when they use HTTP, just like normal traffic? Well, you could block all flash and all HTML5, but that would break much of the web - like youtube. If you can live with that, great. Go for it.

    Blocking all "games" and only games is hard. Being 100% with your results will be nearly impossible.

    BTW, this is a great question.

  3. #3
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: blocking games with squid

    You could try http://dansguardian.org/ over at Sourceforge.

    But that kind of filtering is fundamentally flawed and cannot work, for too many reasons to go into again. The short answer is that a social problem like that won't fall into a technical solution.

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: blocking games with squid

    I haven't tried using squid before, but when I set up guest wireless access, I just blocked all ports except port 80 and 443.

    That probably doesn't help, but if you are on my guest wifi, you can browse the internet but not do anything else - torrents and the like are blocked.

    Quote Originally Posted by Lars Noodén
    You could try http://dansguardian.org/ over at Sourceforge.

    But that kind of filtering is fundamentally flawed and cannot work, for too many reasons to go into again. The short answer is that a social problem like that won't fall into a technical solution.

    This too.

  5. #5
    Join Date
    Aug 2012
    Beans
    47

    Re: blocking games with squid

    Well, I will do some research; just too bad that maybe it can't be solved like that. I will follow the thefu tips and I will block the other ports as you say, charlie; this might resolve a part of the problem.

  6. #6
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: blocking games with squid

    Quote Originally Posted by Leo Matheus
    Well, I will do some research; just too bad that maybe it can't be solved like that. I will follow the thefu tips and I will block the other ports as you say, charlie; this might resolve a part of the problem.

    A whitelist of external websites is probably the easiest to implement, but also the hardest to live with. You never said if this was a company or home network. Different issues will happen based on that aspect.

    Don't forget that you need to force all DNS to be blocked by desktops and only allow the proxy to resolve external DNS. This will simplify blocking those external locations significantly. You can set up a home network like this too. Then you can more easily block facebook, twitter, and other social networks that include games too.

    Whatever you decide, please post the compromised solution later. Others will want to learn more.

  7. #7
    Join Date
    Aug 2008
    Beans
    85

    Re: blocking games with squid

    This is going to be nearly impossible to do, frankly. Assuming you're talking about standalone programs (WoW, CoD, etc.), you can *try* to block the ports commonly used by the game. However, a user that REALLY wants to play will just use a tunneling service to make the game traffic look like normal, permissible traffic.

    Your best defense against this, really, is a very clear, well written Acceptable Use Policy that explains what actions are and are not permitted on the network, and what the consequences for violating this policy are.

  8. #8
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: blocking games with squid

    I block games and similar services in a workplace setting with iptables by denying communication between the clients' high ports (>1023) and remote high ports:

    Code:
    /sbin/iptables -A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -j REJECT
    /sbin/iptables -A FORWARD -s 192.168.1.0/24 -p udp -m udp --sport 1024:65535 --dport 1024:65535 -j REJECT

    This keeps the router from forwarding any traffic on the LAN (192.168.1.0/24) to remote high ports. Since these are the only ports to which ordinary users can bind services (ports < 1024 are limited to root), that's where torrents and games tend to accumulate.

    You may need to exempt some specific ports. If you have people using things like PC Anywhere or other Citrix-based services on port 1494, add a line like this before the ones above:

    Code:
    /sbin/iptables -A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --dport 1494 -j ACCEPT

    Last edited by SeijiSensei; November 29th, 2012 at 05:15 PM.
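
An added example, not part of the original post: a small first-match model of the FORWARD rules above, run over constructed sample flows, to show why the port 1494 exemption has to come before the REJECT pair and which traffic the high-port block catches. The flow list, the client address 192.168.1.50 and the default chain policy of ACCEPT are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str     # "tcp" or "udp"
    sport: range   # source port range
    dport: range   # destination port range
    target: str    # "ACCEPT" or "REJECT"

HIGH = range(1024, 65536)   # 1024:65535 in the posted rules
ANY = range(0, 65536)       # no port restriction
LAN = ipaddress.ip_network("192.168.1.0/24")  # the -s match on every rule

# The two REJECT rules and the Citrix exemption from the post.
REJECT_HIGH = [Rule("tcp", HIGH, HIGH, "REJECT"),
               Rule("udp", HIGH, HIGH, "REJECT")]
CITRIX = Rule("tcp", ANY, range(1494, 1495), "ACCEPT")

def verdict(chain, src, proto, sport, dport, policy="ACCEPT"):
    """The first matching rule decides, as in an iptables chain;
    if nothing matches, the chain policy applies (assumed ACCEPT)."""
    if ipaddress.ip_address(src) in LAN:
        for rule in chain:
            if (rule.proto == proto and sport in rule.sport
                    and dport in rule.dport):
                return rule.target
    return policy

# Constructed flows: (label, protocol, client source port, destination port)
FLOWS = [
    ("https", "tcp", 50123, 443),
    ("dns", "udp", 40000, 53),
    ("citrix", "tcp", 50200, 1494),
    ("udp service on a high port", "udp", 50300, 27015),
    ("web app on 8080", "tcp", 50400, 8080),
]

def evaluate(chain, src="192.168.1.50"):
    return {label: verdict(chain, src, p, s, d) for label, p, s, d in FLOWS}

if __name__ == "__main__":
    for name, chain in [("exemption first", [CITRIX] + REJECT_HIGH),
                        ("exemption last", REJECT_HIGH + [CITRIX])]:
        print(name, evaluate(chain))
```

With the exemption appended after the REJECT rules, the Citrix flow is rejected before its ACCEPT is ever reached; legitimate services on high ports such as 8080 are rejected in both orderings unless they get their own exemption.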

  9. #9
    Join Date
    Aug 2012
    Beans
    47

    Re: blocking games with squid

    Well, it is a school lab network, so I can't create a whitelist of sites, since some people will be doing some research there and I can't be sure which sites they will be looking at for answers, and there isn't a DNS server in the lab, just an external DNS, and the students' machines have just a few permissions.
    The proxy is on the border of the network, and the same machine has an IDS sensor (snort).

