
iptables (block everything by specifying MAC address)



Morning all :-)

my current firewall consists of this:

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -f -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.168.1.0/24 -j ACCEPT

iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT

for security reasons, I would like to block all connections from the internal
network (192.168.1.0) to the outside, allowing only authorized clients.

Would it be enough to modify these rules by setting a DENY instead of an
ACCEPT?

iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -d 192.168.1.0/24 -j ACCEPT

iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT

and then

iptables -I INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

for every single client?
 
thanks for the help! :-)

Pol
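As an added example that is not from the original post, the following script builds a FORWARD policy that drops all new outbound connections from 192.168.1.0/24 except those from listed client MACs (the MAC match only applies to chains that see the arriving frame, so it belongs in FORWARD rather than INPUT, and because a MAC address is not an authentication credential this controls which machines get out by default rather than proving who they are). It assumes a LAN interface named eth1, the MAC values are constructed samples, and IPT defaults to echoing the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post. Generates FORWARD rules that let
# only listed client MACs open new connections out of the LAN.
# IPT defaults to "echo iptables" so the script only prints the rules;
# run with IPT=iptables (as root) to apply them. LAN_IF is an assumption.

IPT="${IPT:-echo iptables}"
LAN_NET="192.168.1.0/24"
LAN_IF="${LAN_IF:-eth1}"

# Allowed client MACs, one per line (constructed sample values; the last
# entry is deliberately malformed to show the validation step).
ALLOWED_MACS="00:11:22:33:44:55
00:11:22:33:44:66
not-a-mac"

# Validate a MAC address string: six hex pairs separated by colons.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Emit the FORWARD chain rules (printed to stdout when IPT is the echo default).
gen_forward_rules() {
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies to connections already allowed out come back to the LAN.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -d "$LAN_NET" -j ACCEPT
    # New outbound connections only from listed clients; the mac match is
    # tied to the interface the frame arrives on, hence -i LAN_IF.
    printf '%s\n' "$ALLOWED_MACS" | while read -r mac; do
        [ -n "$mac" ] || continue
        if valid_mac "$mac"; then
            $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -m mac --mac-source "$mac" \
                -m state --state NEW -j ACCEPT
        else
            echo "skipping invalid MAC: $mac" >&2
        fi
    done
    # Everything else from the LAN is logged (rate-limited) and dropped.
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-MAC-DENY: "
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j DROP
}

gen_forward_rules
```

The LOG line gives you a kernel-log trail of unlisted machines trying to get out, which is the first thing to check when a new client reports it has no Internet access.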

