Blocking selected clients with iptables

Stephen Smith scsmith1451 at totacc.com
Fri Dec 30 20:24:34 MST 2005


Chris Carey wrote:

>On 12/29/05, Stephen Smith <scsmith1451 at totacc.com> wrote:
>  
>
>>I'm running 192.168.1.x network at home where I have several computers. One is a Win98 box.  I would like to block it from access to the internet (no security), yet maintain its ability to talk to other computers and print servers on my internal network.  I'm using a separate RH9 box for my firewall with a 10.0.0.2 address talking to my DSL Modem at 10.0.0.1, both hard coded.  I've been using gShield to configure my fw which has been rock solid for more than three years, however, it does not have any features that I recognize to block clients, only external hosts. So I've been trying to add rules to iptables directly to effect blockage.
>>
>>I've tried -
>>
>>iptables -A INPUT -s 192.168.1.x -d 10.0.0.1 -j DROP
>>iptables -A INPUT -s 192.168.1.x -p ALL -d 10.0.0.1 -j DROP
>>iptables -A INPUT -s 192.168.1.x -p ALL --dport 80 -j DROP
>>iptables -A INPUT -s 192.168.1.x.-p ALL --multiport -dport 80,8080,8008,443 -j DROP
>>
>>and many variations of the above.  Yet none of them stop MSExplorer from accessing the net.  Not being a network guy but an Oracle guy, I need a bit of help to solve this problem.  Could someone out there help out a floundering DBA?
>>
>>
>>/*
>>PLUG: http://plug.org, #utah on irc.freenode.net
>>Unsubscribe: http://plug.org/mailman/options/plug
>>Don't fear the penguin.
>>*/
>>
>>    
>>
>
>I wonder if this would work:
>
>iptables -I FORWARD -s 192.168.1.x -o eth1 -j DROP
>
>English: When source is 192.168.1.x, and it's trying to go out eth1
>(replace with your external interface name), drop.
>
>
Thanks, this works as well.
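
Why the INPUT rules in the question never matched while the FORWARD rule in the reply did, as an added example that is not part of the thread: a small shell model of which filter chain a packet reaching the firewall traverses. The firewall LAN address 192.168.1.1, the client 192.168.1.50 and the remote host 203.0.113.10 are assumed sample values; 10.0.0.1, 10.0.0.2 and eth1 come from the messages above.

```shell
#!/bin/sh
# Added illustration, not from the thread. Assumed values: firewall LAN address
# 192.168.1.1, client 192.168.1.50, remote web server 203.0.113.10.
FW_ADDRS="10.0.0.2 192.168.1.1 127.0.0.1"

# chain_for DST: filter chain that sees a packet arriving at the firewall.
# Packets addressed to the firewall itself traverse INPUT; packets it only
# routes (including those for the modem at 10.0.0.1) traverse FORWARD.
chain_for() {
    for addr in $FW_ADDRS; do
        if [ "$1" = "$addr" ]; then echo INPUT; return 0; fi
    done
    echo FORWARD
}

# rule_sees RULE_CHAIN DST: "yes" if a rule in RULE_CHAIN can be evaluated
# for a packet to DST, "no" if that packet never enters the chain.
rule_sees() {
    if [ "$(chain_for "$2")" = "$1" ]; then echo yes; else echo no; fi
}

# block_rule CLIENT WAN_IF: print the FORWARD rule from the reply for a
# concrete client. A placeholder such as 192.168.1.x is refused (only digits
# and single dots between them are accepted; this is not full IP validation).
block_rule() {
    case "$1" in
        *[!0-9.]*|""|.*|*.|*..*) echo "bad client address: $1" >&2; return 1 ;;
    esac
    echo "iptables -I FORWARD -s $1 -o $2 -j DROP"
}

# Constructed sample traffic: the client browsing to a remote web server,
# and the client talking to the firewall's own LAN address.
echo "INPUT rule sees web traffic:   $(rule_sees INPUT 203.0.113.10)"
echo "FORWARD rule sees web traffic: $(rule_sees FORWARD 203.0.113.10)"
echo "INPUT rule sees LAN-to-firewall traffic: $(rule_sees INPUT 192.168.1.1)"
block_rule 192.168.1.50 eth1
```

The script only prints; it does not touch the running rule set. Because the printed rule matches on -o eth1, traffic from the client to other hosts on 192.168.1.x is not affected by it.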


