Topic: block one IP for outgoing traffic

[Raymond den Ouden]

Hi,

can someone tell me how I can block all internet traffic and then only allow a few IP's for internet traffic?

for example:
I want to block al internet traffic,  except for 192.168.0.50

if someone can tell me the ipchains commands I would be very happy!

regards,

Raymond

[Nathan Fowler]

Correct me if I am wrong, but I believe the command you are seeking is:

/sbin/ipchains -A input -s !192.168.0.50 -d !192.168.0.1/24 -j DENY -i eth(X)

By using the ! (NOT) operator, you are able to deny all IP address except the one specified.  The above rule should deny all internal traffic outbound, and should allow all traffic communication from all internal machines to the E-Smith box.

Change the eth(x) to either eth0 or eth1, depending on whichever ethernet device is your local interface.  To find this simply type "ifconfig |grep 192.168.0" and determine your ethernet interface number.  N ote that if you specify the eth interface of your external network you will basically disallow all external traffic to that box.

Let me know if you have problems.

Nathan Fowler
evilghost@stickit.nu