squid problem
David A. Sinck
plug-discuss@lists.plug.phoenix.az.us
Wed, 4 Dec 2002 08:02:10 -0700
\_ SMTP quoth Nathan England on 12/3/2002 23:14 as having spake thusly:
\_
\_ -----BEGIN PGP SIGNED MESSAGE-----
\_ Hash: SHA1
\_
\_
\_ I agree completely, but you must realise, this is Payson. If the
\_ employee shows up for work everyday, that's better than 99% of the
\_ rest of the people in this town!
Still, your company needs to present a warning.
Maybe a nice rewrite rule that sends it to download a wav recorded at
max volume that says "GET BACK TO WORK".
\_ We use cable access, and it has to dial up before you can use
\_ it. [...]
1) use iptables
2) Don't use the external IP address you get...use the device eg:
'-o ppp' or '-i eth2' or whatever seems appropriate. That way your
rules can stay good without a manual reset.
\_ ipchains -A input -p tcp -s 192.168.0.5 -d mail.yahoo.com -j DENY
I'm not sure if that rule would resolve to all possible
mail.yahoo.coms or simply the first it got from a lookup. That'd be
an interesting tidbit to know.
David