Blocking selected clients with iptables
scsmith1451 at totacc.com
Fri Dec 30 20:24:01 MST 2005
Jason K Larson wrote:
> Stephen Smith wrote:
>> I'm running 192.168.1.x network at home where I have several
>> computers. One is a Win98 box. I would like to block it from access
>> to the internet (no security), yet maintain its ablility to talk to
>> other computers and print servers on my internal network. I'm using
>> a separate RH9 box for my firewall with a 10.0.0.2 address talking to
>> my DSL Modem at 10.0.0.1, both hard coded. I've been using gShield
>> to configure my fw which has been rock solid for more that three
>> years, however, it does not have any features that I recognize to
>> block clients, only external hosts. So I've been trying to add rules
>> to iptables directly to effect blockage.
>> I've tried -
>> iptables -A INPUT -s 192.168.1.x -d 10.0.0.1 -j DROP
>> iptables -A INPUT -s 192.168.1.x -p ALL -d 10.0.0.1 -j DROP
>> iptables -A INPUT -s 192.168.1.x -p ALL --dport 80 -j DROP
>> iptables -A INPUT -s 192.168.1.x.-p ALL --multiport -dport
>> 80,8080,8008,443 -j DROP
>> and many variations of the above. Yet none of them stop MSExplorer
>> from accessing the net. Not being a network guy but an Oracle guy, I
>> need a bit of help to solve this problem. Could someone out there
>> help out a floundering DBA?
> Try such rules in POSTROUTING of the nat table, or in the OUTPUT or
> FORWARD chains of the filter table. Obviously these need to preceed
> any other rules that would move then to another chain or table as is
> likely happening with your INPUT chain.
> I'd personally recommend POSTROUTING of the nat table.
> Jason K Larson
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
Thanks that worked.
More information about the PLUG