Re: iptables question specific to "go" (Linux firewall)



Hi,

I would really encourage you to find more "social" answers to this
problem.

Working out the protocols to all the potential Go servers out there, and
writing specific iptables rules is going to be a very complex and very
fragile solution. If your relative has even a mild interest in breaking
the system then he's going to have little trouble circumventing this. (If
he needs a hand, give him my email address ;-). The thought does strike me
that this could well be the impetus to propel him down the murky road to
hacking. Caveat censor.

If you are fixed on going down this route, I would suggest a more simple
and robust approach: cut off the Internet connection entirely (or just
block the specific ports) in the specified time interval. Arrange for a
popup message on his system fifteen minutes before the cutoff. That allows
your relative to arrange either to finish the game in time or to elegantly
postpone the game in time. Of course, it would also ruin any overnight
downloads etc.

As to firewalling just the servers, consider the large number of Go
servers out there. Even if you just blocked the ports (without the idea of
reverse-engineering the protocol) it's unnecessarily complex. Plus, all
that your relative would need would be ssh access to some other server
(either a friend's Linux machine or some other machine in the house to
which he has access) in order to set up a tunnel that would bypass all
your hard work.

In short, I'd take the approach of asking him not to do it. If you want to
enforce it beyond that, Go and sit on the Go server in question and look
out for his username. Scold appropriately. If you could stand it, just
pull the Internet connection. (A hideous and deeply unsettling idea.)

Of course, if you just want to have fun playing with your iptables scripts
then I wouldn't dream of stopping you ;-)

Joss

--
Joss Wright
Comp. Science Department http://www.pseudonymity.net/~joss
York University http://www.cs.york.ac.uk/~joss
