Re: filtering unwanted users
IPT="/sbin/iptables"
LOCAL_IFACE=xxx.xxx.xxx.xxx
# Create separate chains for icmp, tcp (incoming and outgoing),
# and incoming udp packets.
[...]
# Used to block outbound services from internal network
# Default to allow all
$IPT -N tcp_outbound
[...]
# tcp_outbound chain
#
# This chain is used with a private network to prevent forwarding for
# requests on specific protocols. Applied to the FORWARD rule from
# the internal network. Ends with an ACCEPT
# accept only news, pop3 and smtp
$IPT -A tcp_outbound -p TCP -m mac --mac-source ff:d0:b7:e6:1a:bc \
    -m multiport --destination-port nntp,pop3,smtp -j ACCEPT
$IPT -A tcp_outbound -p TCP -m mac --mac-source ff:d0:b7:e6:1a:bc -j REJECT
[...]
# Accept TCP packets we want to forward from internal sources
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
You still need to add the default rules (whether you block selected users and
let everyone else out, or the other way round).
And in general, the best iptables tutorial I have seen:
http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html
--
regards
pr
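
Added example (not part of the original post): a dry-run shell function that prints, without applying, the tcp_outbound rules for both default stances the post mentions. The function name, the mode names and the MAC addresses are constructed for illustration, and `--dports` is used as the multiport option.

```shell
#!/bin/sh
# Added example: prints (does not apply) the tcp_outbound rules for the two
# default stances. Mode names and MAC addresses are constructed.
IPT="${IPT:-/sbin/iptables}"
MAIL_PORTS="nntp,pop3,smtp"

# gen_tcp_outbound MODE MAC...
#   restrict-listed: listed MACs get only MAIL_PORTS, everyone else is accepted
#   allow-listed:    listed MACs are accepted, everyone else is rejected
gen_tcp_outbound() {
    mode=$1
    shift
    case $mode in
        restrict-listed) final=ACCEPT ;;
        allow-listed)    final=REJECT ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Refuse malformed addresses before emitting anything, so a typo cannot
    # produce a half-built chain.
    for mac in "$@"; do
        printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || {
            echo "bad MAC address: $mac" >&2
            return 2
        }
    done
    echo "$IPT -N tcp_outbound"
    for mac in "$@"; do
        base="$IPT -A tcp_outbound -p tcp -m mac --mac-source $mac"
        if [ "$mode" = restrict-listed ]; then
            echo "$base -m multiport --dports $MAIL_PORTS -j ACCEPT"
            echo "$base -j REJECT"
        else
            echo "$base -j ACCEPT"
        fi
    done
    # The default rule: it must come last, because the first match wins.
    echo "$IPT -A tcp_outbound -p tcp -j $final"
}

# Constructed sample addresses (locally administered range).
gen_tcp_outbound restrict-listed 02:00:00:00:00:01
gen_tcp_outbound allow-listed 02:00:00:00:00:01 02:00:00:00:00:02
```

Review the printed rules before piping them to a root shell. The mac match is only valid in the PREROUTING, FORWARD and INPUT chains, and a client can change its MAC address, so this separates users rather than authenticating them.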