There are lots of chat clients in China. MSN and QQ are by far the most popular though. I understand this is not a complete solution, making IM "less convenient" is often enough.

Our policy is quite lenient by local standards! Many companies here limit internet access completely. If you want to access a website, put a ticket in to be granted a remote desktop connection to the one internet-enabled machine...

-Droog

Well I've just uodate to the last trunk and now the l7 filter works.

If I set the rule

iptables -I FORWARD -m layer7 --l7proto msnmessenger -j DROP

even KMess can"t conect.

tex

Hi,
I realized that this rule block msn from connecting but doesn't disconnect an already connected msn ...

T.

(Last edited by Tex-Twil on 23 Apr 2008, 20:04)

so reboot your router any new connections will be killed by the rule

(Last edited by Marek on 24 Apr 2008, 13:01)

Great topic!
I tried to configure one router as described (WRT54GL, White Russian 0.9) and I get the following:
iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP
iptables: No chain/target/match by that name

My goal is to prohibit users from accessing yahoo and ms messenger. Thx in advance!

have you got corresponding pattern file in /etc/l7-protocols/ ?

Yeah, I have the patterns, the problem was I had to use "insmod /lib/modules/2.4.30/ipt_layer7" before adding chains.
Thanks Marek!

Edit: Is there a way to block meebo.com with White Russian ?

iptables -A INPUT -s meebo.com -j DROP
iptables -A OUTPUT -d meebo.com -j DROP

are useless!

(Last edited by teg_eviscerator on 15 Oct 2008, 09:14)