
Re: filtering unwanted users



IPT="/sbin/iptables"
LOCAL_IFACE=xxx.xxx.xxx.xxx   # used with -i below, which expects an interface name, not an IP address

# Create separate chains for icmp, tcp (incoming and outgoing),
# and incoming udp packets.
[...]
# Used to block outbound services from internal network
# Default to allow all
$IPT -N tcp_outbound

[...]
# tcp_outbound chain
#
# This chain is used with a private network to prevent forwarding for
# requests on specific protocols.  Applied to the FORWARD rule from
# the internal network.  Ends with an ACCEPT

# accept only news, pop3 and smtp from this MAC; reject everything else it sends
$IPT -A tcp_outbound -p TCP -m mac --mac-source ff:d0:b7:e6:1a:bc -m multiport --destination-port nntp,pop3,smtp -j ACCEPT
$IPT -A tcp_outbound -p TCP -m mac --mac-source ff:d0:b7:e6:1a:bc -j REJECT

[...]

# Accept TCP packets we want to forward from internal sources
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound


you still need to add the default rules (whether you block selected hosts and let everyone else through, or the other way round)

and in general, the best iptables tutorial I have seen:
http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html


--
regards
pr
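As an added example (not part of the reply above or of the script it quotes), here is the same tcp_outbound design written as a self-contained POSIX shell script that also supplies the default rule the reply says is still missing. The MAC addresses, the interface name eth1 and the function names are assumptions; IPT defaults to a dry run that only prints the iptables commands, so the script can be reviewed without root and without touching a live firewall.

```shell
#!/bin/sh
# Added example: per-MAC restriction of forwarded TCP to news/pop3/smtp,
# plus an explicit default rule at the end of the chain.
# Dry run by default; set IPT=/sbin/iptables to apply the rules for real.
IPT="${IPT:-echo /sbin/iptables}"
LAN_IFACE="${LAN_IFACE:-eth1}"   # assumption: iptables -i wants an interface name, not an IP

# Check that a string looks like a MAC address before it lands in a rule.
is_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# build_tcp_outbound POLICY MAC...
#   POLICY is the default for hosts not listed (ACCEPT = block only the
#   listed hosts, REJECT/DROP = deny everyone except the listed hosts' mail/news).
#   Each listed MAC may only reach nntp, pop3 and smtp; its other TCP is rejected.
build_tcp_outbound() {
    policy="$1"; shift
    case "$policy" in
        ACCEPT|REJECT|DROP) ;;
        *) echo "bad default policy: $policy" >&2; return 1 ;;
    esac
    $IPT -N tcp_outbound
    $IPT -F tcp_outbound
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
        $IPT -A tcp_outbound -p tcp -m mac --mac-source "$mac" \
             -m multiport --dports nntp,pop3,smtp -j ACCEPT
        # redundant under a deny-by-default policy, harmless either way
        $IPT -A tcp_outbound -p tcp -m mac --mac-source "$mac" -j REJECT
    done
    # The explicit default rule: without it the chain falls through to
    # whatever FORWARD does next, which is the gap the reply points out.
    $IPT -A tcp_outbound -j "$policy"
}

# Hand forwarded TCP from the internal interface to the chain.
build_forward() {
    $IPT -A FORWARD -p tcp -i "$LAN_IFACE" -j tcp_outbound
}

# Usage with constructed sample MACs (dry run prints the commands):
# build_tcp_outbound ACCEPT 00:11:22:33:44:55 00:11:22:33:44:66 && build_forward
```

The MAC match only sees the address on the hop that reaches the firewall, so it identifies a host on the directly attached LAN segment and nothing beyond a router; it is also trivially changed by the host owner, which is why the default rule at the end of the chain, not the per-MAC lines, decides the overall posture.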


