darlan.picetti
(uses CentOS)
Posted on 26/02/2013 - 17:18
Better to block Facebook with iptables.
Add these rules to your firewall file.
# BLOCK THE RANGES THAT HOST HTTPS DOMAINS
# Build a space-separated list from the file, skipping comment lines
RANGES_HTTPS_NEGADOS=`awk -F'/' '!/#/{s=(s)?s" "$NF:$NF}END{print s}' /etc/squid/redessociais`
iptables -N RANGES_HTTPS_NEGADOS
for https_deny in $RANGES_HTTPS_NEGADOS; do
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $https_deny --dport 443 -j RANGES_HTTPS_NEGADOS
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $https_deny --dport 80 -j RANGES_HTTPS_NEGADOS
done
# ALLOW THE HTTPS RANGES FOR THE LIST OF AUTHORIZED IPS.
IPS_ALLOW=`awk -F'/' '!/#/{s=(s)?s" "$NF:$NF}END{print s}' /etc/squid/liberados-redessociais`
for DEP in $IPS_ALLOW; do
    iptables -I RANGES_HTTPS_NEGADOS -s $DEP -j ACCEPT
done
# Everything else that reaches this chain is dropped
iptables -A RANGES_HTTPS_NEGADOS -j DROP
Then create the files /etc/squid/redessociais and /etc/squid/liberados-redessociais
Put the following content in the redessociais file:
# Google Accounts range.
74.125.0.0-74.125.255.255
# 4shared range
199.101.132.0-199.101.135.255
# Facebook ranges
69.171.224.0-69.171.255.255
173.252.64.0-173.252.127.255
31.13.64.0-31.13.127.255
31.13.24.0-31.13.31.255
74.119.76.0-74.119.79.255
69.63.176.0-69.63.191.255
69.171.224.0-69.171.255.255
66.220.144.0-66.220.159.255
204.15.20.0-204.15.23.255
173.252.64.0-173.252.127.255
# Twitter ranges.
209.207.128.0-209.207.255.255
199.59.148.0-199.59.151.255
209.207.239.0-209.207.239.254
209.207.0.12-209.207.0.254
199.59.150.7-199.59.150.230
199.59.149.220-199.59.149.235
199.59.148.0-199.59.148.200
# Hotmail ranges
65.52.0.0-65.55.255.255
207.46.0.0-207.46.255.255
#### End of the redessociais file
and put the IPs that will have access to the social networks in the file /etc/squid/liberados-redessociais
################################################################
# Allow social networks for the listed users #
# #
################################################################
# Fulano
192.168.0.106
# Ciclano
192.168.0.101
# Beltrano
192.168.0.103
Just remember to set up the IP reservations in DHCP and that's it, man..... be happy!
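
Added example, not part of darlan.picetti's post: a POSIX shell dry run that checks a ranges file in the format shown above (rejecting malformed or reversed ranges, skipping repeated lines) and prints the FORWARD rules instead of loading them. The function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the poster's script); function names are hypothetical.

# Print an IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac  # leading zero or >3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print each well-formed, not-yet-seen START-END range; report the rest on stderr.
valid_ranges() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|*'#'*) continue ;; esac   # blank and comment lines
        start=${line%%-*}; end=${line#*-}
        case "$line" in *-*) ;; *) end= ;; esac       # no dash: force a rejection
        lo=$(ip_to_int "$start") && hi=$(ip_to_int "$end") && [ "$lo" -le "$hi" ] || {
            echo "rejected: $line" >&2; continue; }
        case "$seen" in *" $line "*) echo "duplicate: $line" >&2; continue ;; esac
        seen="$seen$line "
        echo "$line"
    done < "$1"
}

# Dry run: print the FORWARD rules the post's loop would insert, without running them.
emit_rules() {
    valid_ranges "$1" | while IFS= read -r r; do
        for port in 443 80; do
            echo "iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range $r --dport $port -j RANGES_HTTPS_NEGADOS"
        done
    done
}

# Constructed sample: two ranges from the post (one repeated) and two bad lines.
sample=$(mktemp)
printf '%s\n' '# Facebook' 69.171.224.0-69.171.255.255 \
    173.252.64.0-173.252.127.255 69.171.224.0-69.171.255.255 \
    31.13.127.255-31.13.64.0 74.125.0.0-74.125.256.255 > "$sample"
emit_rules "$sample"
rm -f "$sample"
```

Rejected and duplicate lines are reported on stderr, so the printed commands can be reviewed or redirected to a file on their own.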