From: Kirk Strauser
To: freebsd-questions@freebsd.org
Subject: Re: IPFW, blocking IM servers
Date: Tue, 21 Jan 2003 16:17:07 -0600
Message-ID: <87hec2jggs.fsf@pooh.honeypot.net>
In-Reply-To: <34651.63.104.35.130.1043185192.squirrel@email.polands.org>
References: <34651.63.104.35.130.1043185192.squirrel@email.polands.org>

At 2003-01-21T21:39:52Z, "Doug Poland" writes:

> Sorry for this slightly off-topic post... Is there a comprehensive list
> of IM servers (names, IPs) available? I'd like to block IM servers from
> certain users on my network.

No, nor will there be one. Anyone with a server can set up Jabber on any
port they want.

> From what I've gathered on google, the only effective strategy is to use
> firewall (in my case, IPFW) rules to block IP's, names.

OK, first, this is really more of an administrative issue than a technical
one. Tell your employees that if they IM for non-work issues (and that IM
is logged, whether it is or not), then they are fired. Get your boss to back
you. Then, it's not *your* problem if people are wasting their time at work.

Second, the only reasonable way to do this is to block *everything* except
traffic you want to allow. No client machine needs direct Internet access to
send email - make them use a smarthost. Force all machines to surf the web
via a Squid proxy, and only let that machine connect out on port 80.

Either way is going to piss off a lot of people, so decide in advance which
one you can live with. :)

-- 
Kirk Strauser
In Googlis non est, ergo non est.
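
The default-deny egress policy described in the reply above, written out as an ipfw script. This is an added example, not part of the original message; the addresses, the rule numbers and the DNS resolver rules are assumptions.

```sh
#!/bin/sh
# Added example: default-deny egress on a FreeBSD gateway with ipfw.
# Every address and rule number below is a constructed placeholder.
LAN="192.168.10.0/24"       # client network (assumed)
PROXY="192.168.10.10"       # Squid host (assumed)
SMARTHOST="192.168.10.11"   # outbound mail relay (assumed)
RESOLVER="192.168.10.12"    # internal DNS server (assumed, not in the post)

# Dry run by default: the rules are printed, not loaded.
# Run with IPFW=/sbin/ipfw as root to install them.
IPFW="${IPFW:-echo ipfw}"

egress_rules() {
    # Replies to connections that a keep-state rule below has admitted.
    $IPFW add 1000 check-state
    # Web: only the proxy may open connections to port 80.
    $IPFW add 2000 allow tcp from "$PROXY" to any 80 setup keep-state
    # Mail: only the smarthost may speak SMTP to the outside.
    $IPFW add 2100 allow tcp from "$SMARTHOST" to any 25 setup keep-state
    # DNS: only the resolver may query outside name servers.
    $IPFW add 2200 allow udp from "$RESOLVER" to any 53 keep-state
    $IPFW add 2210 allow tcp from "$RESOLVER" to any 53 setup keep-state
    # Everything else leaving the LAN is dropped and logged, so the log
    # shows which clients still try to connect out directly. Services the
    # gateway itself offers to the LAN need allow rules above this one.
    $IPFW add 65000 deny log ip from "$LAN" to any
}

egress_rules
```

Clients reach the proxy, smarthost and resolver on their own segment, so that traffic never crosses the gateway and needs no rule here.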