RE: Windows Update

Dear Rolando,

The easiest way to implement would be via squid:

# squid.conf v2.5.STABLE3
#================================================= ===============
# Allow windowsupdate.microsoft.com
# and deny everything else
acl windowsupdate dstdomain windowsupdate.microsoft.com
http_access allow windowsupdate
http_access deny all
#================================================= ===============

Other than that do lookup on windowsupdate.microsoft.com and add relevant ip's to filter rules for port = '80' && port = '443'.

# /usr/bin/dig windowsupdate.microsoft.com

a822.cd.akamai.net. 19 IN A 63.211.153.87
a822.cd.akamai.net. 19 IN A 63.211.153.89
a822.cd.akamai.net. 19 IN A 63.211.153.94
a822.cd.akamai.net. 19 IN A 63.211.153.95
a822.cd.akamai.net. 19 IN A 63.211.153.102
a822.cd.akamai.net. 19 IN A 63.211.153.111
a822.cd.akamai.net. 19 IN A 63.211.153.70
a822.cd.akamai.net. 19 IN A 63.211.153.79
a822.cd.akamai.net. 19 IN A 63.211.153.80

Hope this helps you out ...

--

-david
<dspezialie(at)netspace.net.au>

"By the time they had diminished from 50 to 8, the other dwarves began to suspect Hungry." -- a Larson cartoon


-----Original Message-----
From: Rolando Morales [mailto:RolandoMorales@torengineering.com]
Sent: Wednesday, 1 October 2003 09:24
To: ipfilter@coombs.anu.edu.au
Subject: Windows Update


I'm looking to allow my users (windows based) to use Windows Update anytime
of the day.
Even when they are not allowed to cruise the web. My problem is, I don't
know all the ip
address's that microsoft is using. Does anyone else have this problem? Is
there a way to
track this info down?
Rolando