Problem: There is a guy among the regular net users who likes to connect his personal laptop, which is not allowed. Internet access is regulated by squidGuard. But this computer has a kind of proxy dialing (I guess AOL) and always gets access.
Solution: Blocking him with iptables.
But:
First, I don't know how to setprop the template rule,
so I tried to write the rules into /etc/rc.d/init.d/masq:
/sbin/iptables --append OUTPUT -s 192.168.8.251 -j DROP
/sbin/iptables --append INPUT -s 192.168.8.251 -j DROP
/sbin/iptables --append FORWARD -d 192.168.8.251 -j DROP
So when I check it with
# iptables -L -n
it shows
Chain local_chk_2073 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.8.0/24 0.0.0.0/0
DROP all -- 192.168.8.251 0.0.0.0/0
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
DROP all -- 0.0.0.0/0 208.101.33.100
DROP all -- 192.168.8.251 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 208.101.33.100
DROP all -- 192.168.8.251 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
But the computer is still getting an outside connection.
I am also blocking 208.101.33.100 from the outside, but it is still reaching the address from inside.
Help: I have already checked the documentation, but it only says
"creating pinholes for your application." I want him without any network service!
Any advice on what to do?
Which could be the correct CONFIG SETPROP sentence?
Where can I learn about it?
Thanks for reading!
