squid problem

David A. Sinck plug-discuss@lists.plug.phoenix.az.us
Wed, 4 Dec 2002 08:02:10 -0700


\_ SMTP quoth Nathan England on 12/3/2002 23:14 as having spake thusly:
\_
\_ I agree completely, but you must realise, this is Payson. If the
\_ employee shows up for work every day, that's better than 99% of the
\_ rest of the people in this town!

Still, your company needs to present a warning.

Maybe a nice rewrite rule that sends it to download a wav recorded at
max volume that says "GET BACK TO WORK".

\_ We use cable access, and it has to dial up before you can use
\_ it. [...]

1) use iptables
2) Don't use the external IP address you get... use the device, e.g.
'-o ppp' or '-i eth2' or whatever seems appropriate.  That way your
rules can stay good without a manual reset.

\_ ipchains -A input -p tcp -s 192.168.0.5 -d mail.yahoo.com -j DENY

I'm not sure if that rule would resolve to all possible
mail.yahoo.coms or simply the first it got from a lookup.  That'd be
an interesting tidbit to know.


David
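
Added example, not part of the original message: a shell sketch of the two points above, matching on the outbound interface instead of the dynamic external address and writing one rule per address a hostname resolves to. iptables looks a hostname given to -d up once, when the rule is added, and inserts one rule for each address returned, so the stored rules hold addresses and go stale if DNS changes. Assumptions: the interface name ppp0, the FORWARD chain (the box routes the client's traffic), the helper names, and the constructed 203.0.113.x sample addresses.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that block one client
# from every address a hostname currently resolves to.

# resolve_v4 HOST: print each distinct IPv4 address for HOST, one per line.
# Needs glibc getent and working DNS; a name with several A records
# yields several lines. Re-run it periodically, since the answers change.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# emit_block_rules OUT_IF SRC ADDR...
# Prints one FORWARD rule per address, matched on the outbound interface
# so the rule stays valid when the external IP changes on redial.
# iptables uses the DROP target where ipchains used DENY.
emit_block_rules() {
    out_if=$1
    src=$2
    shift 2
    for addr in "$@"; do
        case $addr in
            # Coarse sanity check: accept only digits and dots.
            ''|*[!0-9.]*)
                echo "skipping non-address: $addr" >&2
                continue
                ;;
        esac
        printf 'iptables -A FORWARD -o %s -p tcp -s %s -d %s -j DROP\n' \
            "$out_if" "$src" "$addr"
    done
}

# Offline demonstration with constructed addresses (TEST-NET-3 range).
# Live use would be: emit_block_rules ppp0 192.168.0.5 $(resolve_v4 mail.yahoo.com)
emit_block_rules ppp0 192.168.0.5 203.0.113.10 203.0.113.11
```

Review the printed rules before piping them to a root shell; flushing and regenerating them on a schedule keeps them in step with DNS.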