[ale] iptables oddity?

synco gibraldter synco at xodarap.net
Sat Sep 13 13:23:49 EDT 2003 

try:

iptables -A INPUT -p tcp -s 192.168.0.10/32 --dport 80 DROP;

it's in my script and works cleanly


On 13 Sep 2003 at 12:56, Robert L. Harris wrote:

> 
> 
> I'm trying to block a single computer on my home lan, my son's, from
> getting direct www access so I can force it to go through my squid
> proxy server which will have squid guard on it before the end of the
> week. I've put rules in place to allow certain things and block
> certain things but somehow it's still getting through.  Config is
> simple:
> 
> Firewall has 2 interfaces eth0 and eth1
>   eth0 on the cablemodem
>   eth1 on the switch to my 192.168 nat'd subnet.
> 
> My son's machine is at 192.168.0.10.  I put in this:
> 
>   #
>   # WWW Traffic from spirit
>   $IPTABLES -A INPUT --proto tcp -i $IFACE2 --source sprit.rdlg.net
>   --destination-port 80 -j DROP $IPTABLES -A INPUT --proto udp -i
>   $IFACE2 --source sprit.rdlg.net --destination-port 80 -j DROP
>   $IPTABLES -A INPUT --proto tcp -i $IFACE2 --source 192.168.0.10
>   --destination-port 80 -j DROP $IPTABLES -A INPUT --proto udp -i
>   $IFACE2 --source 192.168.0.10 --destination-port 80 -j DROP
> 
> I do have this:
>   # this is a rule to let all my local traffic through
>   $IPTABLES -N local
>   $IPTABLES -A local -m state --state NEW -i ! $IFACE1 -j ACCEPT
> 
> 
>   If I put the deny/DROP line before or after the local rules no
>   change.
> If I comment out the local rules no-one can get from behind the
> firewall out.
> 
>   I know it's something small and stupid.  I'm attaching a slightly
> cleaned up copy of the script.  Thoughts?
> 
> Robert
> 
> 
> 
> 
> 
> 
> 
> :wq!
> ----------------------------------------------------------------------
> ----- Robert L. Harris                     | GPG Key ID: E344DA3B
>                                    @ x-hkp://pgp.mit.edu
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> Life is not a destination, it's a journey.
>   Microsoft produces 15 car pileups on the highway.
>     Don't stop traffic to stand and gawk at the tragedy.
> 



--    synco gibraldter
--    atlanta, ga
--    synco at xodarap.net
--    key id: 0xC5117E0A

More information about the Ale mailing list