Old 11-22-2007, 06:59 AM
laluvirtual

I tried both. This is using iptables:
Code:
*mangle
:PREROUTING ACCEPT [192.168.1.0:24]
:OUTPUT ACCEPT [0:0]

-A PREROUTING -p tcp --dport 22 -j TOS --set-tos 0x10
COMMIT

*filter
:INPUT ACCEPT [32296:2595574]
:FORWARD ACCEPT [327:113979]
:OUTPUT ACCEPT [42157:3445894]
#firewall
-P FORWARD DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Block MAC
#suspect
#-A INPUT -m mac --mac-source 00:0E:7B:C9:13:0B -j DROP

#Block IP
#UltraSurf
-A INPUT -s 67.15.183.30 -j DROP
-A FORWARD -s 67.15.183.30 -j DROP
-A OUTPUT -s 67.15.183.30 -j DROP

-A INPUT -p tcp -m tcp --dport 9666 -j DROP
-A FORWARD -p tcp -m tcp --dport 9666 -j DROP
-A OUTPUT -p tcp -m tcp --dport 9666 -j DROP


:INPUT ACCEPT [192.168.1.0:24]
:FORWARD ACCEPT [192.168.1.0:24]

:OUTPUT ACCEPT [0:0]

#-A INPUT -p tcp -m tcp --dport 10000 -j DROP
-A INPUT -i eth0 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT

COMMIT

# Completed on Wed Jun 21 12:35:13 2006
# Generated by iptables-save v1.2.3 on Wed Jun 21 12:35:13 2006
*nat
:PREROUTING ACCEPT [8009433:454311769]
:POSTROUTING ACCEPT [1529638:95155672]
:OUTPUT ACCEPT [1273134:83856339]
-A PREROUTING -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.xxx:port
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
Some lines of the iptables script above I cut for security reasons, but if you want them, let me know and I will send them to your inbox.


And this one is using squid:
Code:
acl porn1 dstdomain "/etc/squid/data_porn.txt"
This is the content of data_porn.txt:
.ultra*
.wujie.net


Yes, I am sure that my users are using the proxy (transparent); all sites that I put in data_porn.txt can't be accessed. This is an example:
Code:
ERROR

 The requested URL could not be retrieved

   While trying to retrieve the URL: sex.com 
 The following error was encountered:
  • Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster@MYDOMAIN.COM. Generated Thu, 22 Nov 2007 01:30:46 GMT by proxy.MYDOMAIN.COM (squid/2.5.STABLE14)
Note: it only does not work in the Internet Explorer (IE) browser.

I really need your help, nixcraft.
Thank you

Last edited by laluvirtual; 11-23-2007 at 09:34 AM..
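An added example, not code from the post above, that models Squid's dstdomain matching rules (a leading dot covers the domain and all its subdomains, an entry without a dot matches that host exactly, case-insensitive, no glob characters) to check what the posted data_porn.txt entries would actually block; the hostnames it is run against are constructed. It shows that `.wujie.net` blocks the domain and its subdomains, while `.ultra*` matches nothing because `*` is not a wildcard in dstdomain; pattern matching is what the dstdom_regex ACL type is for.

```python
# Added example (not from the forum post): a minimal model of how Squid's
# dstdomain ACL matches hostnames, used to check what the posted
# /etc/squid/data_porn.txt entries actually block.
# Matching rules as Squid documents them: a leading dot matches the domain
# and every subdomain; an entry without a leading dot matches that host
# exactly; comparison is case-insensitive; there are no glob/wildcard characters.
import re

# Constructed copy of the list shown in the post.
DATA_PORN_TXT = """\
.ultra*
.wujie.net
"""


def parse_dstdomain_list(text):
    """Return the non-empty, non-comment entries of a dstdomain file, lower-cased."""
    return [ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def dstdomain_matches(entry, host):
    """True if `host` would be matched by the dstdomain `entry`."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        # ".wujie.net" matches wujie.net itself and anything below it
        return host == entry[1:] or host.endswith(entry)
    return host == entry


def blocking_entry(entries, host):
    """Return the first entry that blocks `host`, or None if the host passes."""
    for e in entries:
        if dstdomain_matches(e, host):
            return e
    return None


def dstdom_regex_matches(pattern, host):
    """Model of dstdom_regex: an unanchored, case-insensitive regex search."""
    return re.search(pattern, host, re.IGNORECASE) is not None


if __name__ == "__main__":
    entries = parse_dstdomain_list(DATA_PORN_TXT)
    # Constructed hostnames; "www.ultra.example" stands in for any host whose
    # name merely starts with "ultra" and is not on the list literally.
    for h in ("www.wujie.net", "wujie.net", "notwujie.net", "www.ultra.example"):
        print(f"{h:18s} dstdomain entry: {blocking_entry(entries, h)!r:13s} "
              f"dstdom_regex 'ultra': {dstdom_regex_matches('ultra', h)}")
```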