[FUG-BR] BLOQUEIO DE MSN

[Paulo Henrique BSD Brasil]

Em 10/2/2011 14:06, Departamento de TI escreveu:
> PREZADOS AMIGOS, BOA TARDE
>
> ESTOU COM DIFICULDADES PARA BLOQUEAR O MARVADO MSN NA EMPRESA. EU TINHA
> FEITO ALGUMAS CONFIGURAÇÕES QUE POR CERTO TEMPO RESOLVEU, MAS AGORA O
> MSN CONSEGUIU SE CONECTAR NOVAMENTE.
>
> JÁ FIZ TODOS OS PROCEDIMENTOS QUE ENCONTREI NA INTERNET, MAS MESMO ASSIM
> O PROGRAMA WINDOWS LIVE MESSENGER CONSEGUE CONECTAR.
>
> SE ALGUEM PUDER ME AJUDAR FICARIA IMENSAMENTE GRATO.
>
> SEGUE CONFIGURAÇÃO DO MEU SQUID.CONF E LOGO DEPOIS A DO IPFW:
>

Meus olhos agradece a educação, por favor ler a netiqueta.


> *****************  SQUID.CONF  *****************************
>
> cache_dir diskd /usr/local/squid/cache 10000 32 512 Q1=72 Q2=64
> http_port 3128 transparent
> visible_hostname Shiva
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # swat
> acl Safe_ports port 1025-65535 # portas altas
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl bloqueados dstdomain "/usr/local/etc/squid/bloqueados"
> acl palavras url_regex -i "/usr/local/etc/squid/palavras"
> acl redelocal src 192.168.0.0/24
> acl diretoria src 192.168.0.40
> acl msn_port port 1863
> acl msn_port2 port 5223
> acl serv_msn dst 200.46.110.0/24
> acl serv_msn dst 64.4.13.0/24
> acl app_msn req_mime_type -i ^application/x-msn-messenger$
> acl msn_messenger url_regex -i /gateway/gateway.dll
> acl msn_dom dstdomain loginnet.passport.com
> acl msn_dom dstdomain messenger.msn.com
> acl msn_dom dstdomain messenger.msn.ca
> acl msn_dom dstdomain messenger.msn.net
> acl msn_dom dstdomain im.sapo.pt
> acl msn_dom dstdomain webmessenger.msn.com
> acl msn_dom dstdomain c.msn.com
> acl msn_dom dstdomain config.messenger.msn.com
> acl msn_dom dstdomain login.live.com
> acl msn_dom dstdomain amsn-project.net
> acl msn_dom dstdomain passport.com
> acl msn_dom dstdomain passport.net
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow diretoria
> http_access deny bloqueados
> http_access deny palavras
> http_access deny CONNECT msn_port
> http_access deny msn_port
> http_access deny msn_port2
> http_access deny serv_msn
> http_access deny app_msn
> http_access deny msn_dom
> http_access deny msn_messenger
> http_access allow localhost
> http_access allow redelocal
> http_access deny all
>
> error_directory /usr/local/etc/squid/errors/Portuguese
>
>
> ****************** IPFW ***********************
>
> 00050 divert 8668 ip4 from any to any via rl0
> 00055 reset tcp from 192.168.0.0/24 to 207.46.0.0/16 dst-port 1863,80
> keep-state
> 00057 deny tcp from 192.168.0.0/24 to 65.54.239.142 keep-state
> 00060 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80 via
> ste0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 01000 deny ip from 10.0.0.0/24 to 192.168.0.0/24
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
>
> Agradeço desde já a cooperação...
>
> Obrigado
>
>
Descomplique com PFSense...  a menos que possua algum software 
especifico no qual não é suportado no mesmo !!

Att.