I am using iptables as a firewall on a linux box. It is actually a Linksys wrt54gs wireless router that has been converted to a linux box. Here's the problem, one of the machines on my network is a work machine that runs the business. The GM comes in and has no idea what she is doing, installs Yahoo IM and clicks every link she sees. I want to disable Yahoo IM and pretty much all IM's from that machine. I have the traffic to that machine isolated in iptables but I don't know how to fiter IM traffic. 1) there are about a zillion yahoo servers to to try to filter URL's would be a nightmare and would have to be constantly updated regularly. 2) Yahoo IM does not run on a specific port. It looks for port 5050 but if it's not there will use any port. Is there a few key central servers for Yahoo that you initially log onto? What other way is there to filter that traffic? I have found a part of packet data that is consistent with all Yahoo IM traffic. It is the string YMSG and it is in all chat and command packets. Can iptables filter for something in packet data? I don't want to fiter Yahoo from my whole network, just Yahoo IM traffic from one machine.