Re: Enable disable packets outgoing on port 80 and 443
Re: Enable disable packets outgoing on port 80 and 443
- Subject: Re: Enable disable packets outgoing on port 80 and 443
- From: Jens Alfke <email@hidden>
- Date: Tue, 26 May 2009 10:17:55 -0700
On May 26, 2009, at 2:48 AM, Rahulkumar Tibdewal wrote:
I had thought of it for a time and come to conclusion if I can block
internet access only and not intranet by blocking outgoing packets
on port 80(HTTP) and 443(HTTPS).
If I am wrong please correct me.
It sounds like you mean "web access", not "internet access", since
blocking those ports won't do anything to affect connections to remote
mail servers, file servers, BitTorrent, networked games, SSH, netnews,
etc. etc. etc. Moreover, web servers can listen on any ports they
like, so if there were a web server running on a nonstandard port
someone could still access it using a URL like http://example.com:
8080/ .
If you want to block access to servers outside the intranet, then do
the blocking based on addresses. You presumably know the netmask of
your network, so you need to configure the OS routing tables to
disable routing of any addresses not in that mask.
Alternatively, if you can talk to the router, you can tell it to stop
routing packets for the given client machine. That's a lot more
foolproof since there's nothing that can be done on the client to get
around it (short of plugging in a new network card).
—Jens
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden