Blocking MSN Live services with Tomato

Striatum

Hi,

I want to establish rules for my kids at the start of this school year ... (lol)

As more and more homework is based on web searches, blocking wireless access wouldn't be a correct solution.

They mostly use Live Messenger and Facebook to chat.

I tried to configure an access restriction rule, using:

- preconfigured layer7 rule msnmessenger: fail

- blocking ports 1863, 901, 6891-6900: fail

- HTTP request: webmessenger.msn.com, messenger.hotmail.com, gateway.messenger.hotmail.com, loginnet.pasport.com: fail.

All of the above together: fail...

Is there a way?

Or using iptables rules, but how to schedule those rules?

I should point out that I use a permanent openvpn connection.

Thanks

Striatum

It seems to be a hard question...

Kong

You said you already configured the above Access Restrictions, don't they work?
If they are not working, use Wireshark to see what other servers and ports Messenger connects to.

Striatum

I haven't tried it on my router yet, but it seems that port blocking is useless (ports 80 and 443 are commonly used...).

Under Ubuntu, using the firewall to prevent access to 65.52.0.0/14 (Microsoft registered domain) seems to work.

It prevents access to all Microsoft sites, but as my goal is only to block MSN for a limited time it seems perfect, even if it's not very subtle...

Kong

Yes, that's why you can use DD-WRT's access restrictions to block certain domains and protocols.

Striatum

In fact there is an msnmessenger Layer 7 rule in the Access Restriction panel in Tomato, but it is outdated, as Live Messenger is no longer tied to specific ports and can use the standard www ports 80 and 443 to connect.

So to prevent connection with Live Messenger you must block all the login websites used by the service.

And in fact that type of blocking doesn't work in Tomato. You can surely block access through iptables, but not as a programmed rule.

I don't remember if DD-WRT provides this sort of blocking facility, but if yes I will consider reverting to DD-WRT, if your Mod openvpn client section works for me.

Thanks
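
Added example, not part of any post in this thread: one way to get a scheduled iptables block is to have cron call a small script at the start and end of the restricted period. The script path and times in the comments are assumptions; 65.52.0.0/14 is the range mentioned earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): toggle a block on the Microsoft
# range mentioned above, so cron can switch it on and off.
#
# Assumed cron entries (script path and times are hypothetical):
#   0 21 * * *  /jffs/msnblock.sh on     # every day 21:00, block
#   0 7  * * *  /jffs/msnblock.sh off    # every day 07:00, unblock

IPT="${IPT:-iptables}"   # command to run; overridable for a dry run
NET="65.52.0.0/14"       # range quoted in the thread
CHAIN="FORWARD"          # LAN clients' traffic is forwarded, not INPUT

# Run one iptables action (-I insert, -D delete) on the same rule spec,
# so insert and delete can never drift apart.
rule() {
    $IPT "$1" "$CHAIN" -d "$NET" -j DROP
}

# Remove every copy of the rule. -D deletes one match per call and
# fails once none is left, which ends the loop.
block_off() {
    while rule -D 2>/dev/null; do :; done
}

# Insert the rule at the top of the chain, clearing old copies first
# so a repeated cron run does not stack duplicates.
block_on() {
    block_off
    rule -I
}

case "${1:-}" in
    on)  block_on ;;
    off) block_off ;;
    "")  : ;;   # run without arguments: define functions only
    *)   echo "usage: $0 on|off" >&2 ;;
esac
```

Rules inserted this way are not persistent: a reboot clears them until cron runs `on` again.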

Kong
Yes, check out:
Striatum

Kong said: Yes, check out: http://www.dd-wrt.com/demo/Filters.asp

The latest Tomato builds have this too. You can block IP addresses or domains.

Kong

Ah and by the way, you can now block any content that uses http, see:

http://www.myopenrouter.com/download/22510/DD-WRT-Kong-Mod-USB-FTP-SAMBA...

So you would be able to filter out, for example, messenger login pages :-)