Topic: blocking internal IPs e-smith 5.6 specific (iptables)

[Pat Erler]

hi!

could someone provide me with a one-liner to block and unblock an internat IP from accessing the internet. the translation of

/sbin/ipchains -I input -s 192.168.0.$IP -j DENY -l
/sbin/ipchains -I output -s 192.168.0.$IP -j DENY -l

and

/sbin/ipchains -D input -s 192.168.0.$IP -j DENY -l
/sbin/ipchains -D output -s 192.168.0.$IP -j DENY -l

into iptable-speech if you will...

thanks in advance,

regards,

PAT

[Ari]

>
> /sbin/ipchains -I input -s 192.168.0.$IP -j DENY -l
> /sbin/ipchains -I output -s 192.168.0.$IP -j DENY -l
>

/sbin/iptables -I INPUT -s 192.168.0.$IP -j DROP -I
/sbin/iptables -I OUTPUT -s 192.168.0.$IP -j DROP -I


> and
>
> /sbin/ipchains -D input -s 192.168.0.$IP -j DENY -l
> /sbin/ipchains -D output -s 192.168.0.$IP -j DENY -l
>

/sbin/iptables -D INPUT -s 192.168.0.$IP -j DROP -I
/sbin/iptables -D OUTPUT -s 192.168.0.$IP -j DROP -I

Cheers!
Ari

[Pat Erler]

oh, that easy? thanks

PAT

[Dan Brown]

That was easy...  Would you happen to know of some simple guide to converting ipchains to iptables, or is it just "read the manpages and translate"?

[Pat Erler]

that specific case was easy - and i cold have found out by myself i must admit, slightly ashamed

i'm sure there are tutorials and even tools, but right now i try to stay away from that whole topic as far as possible, it made me dizzy enough to grasp ipchains...

have a look at freshmeat.net ...

regards,

PAT