Topic: Deny access

[smnirosh]

how can I make deny accessing the server from specific computer of the network?

[Stefano]

please, give us more details.. explain your aim and your needs

thank you

[smnirosh]

We have installed openerp. I want to know if there any possibility to deny access to openerp webportal to specific computer or specific domain user etc..

[Stefano]

I don't know openerp but, if it is a web app served by apache, you can use a .htaccess file (search with google)

if it isn't, your best bet is to ask on openerp's support page

[smnirosh]

No it is not important openerp. But i need to know that is there any posibility to deny access to this linux server by other users who is not in the domain. Eg: if it is not a domain joined computer. On windows we can block by firewall. How to do it in linux?

[Stefano]

well, this is different from what you said before..
please, when asked for clarification, explain your problem, not your solution..

in any case, it isn't still clear to me what you need..
do you need to "ban" some hosts? if so, is it a "per app/protocol" need or not?
do you need to "ban" users?

please be aware (and remember) that "domain", in windows' perspective, is related to AD.. we have no such a feature here.

please, again, explain (with all the details) what you want to do

thank you

[smnirosh]

Now the word came out. BAN. All the computers are joined to sme domain. I want to ban other computers who are not domain. I want to do exact the thing now i explained. (You gave me the correct word "ban". )

[DanB35]

OK, you want to "ban" them.  I'm not sure that's any more useful of a term than "block", but it's certainly an alternative.  But from what?  From OpenERP?  From any web applications?  From being able to send email?  Receive?  Share files?  Access the Internet?

And, to elaborate on Stefano's mention, what exactly do you mean here by "domain"?  A Windows/Active Directory domain?  An Internet domain (example.com)?  Those two concepts are completely unrelated, except for the name--Microsoft appropriated a term that was already in widespread use in IT, and used it to mean something completely different.

[janet]

smnirosh

You ask how to do "it" in Linux after saying you know how to do "it" in Windows using the firewall.

Well unless you can find a suitable db command in the wiki or find a suitable howto or FAQ example, then I think iptables can/will probably do what you want

Typically you would need to read up on iptables
eg
man iptables
or
Google for iptables
then create a custom template for masq
Ie
read the wiki for examples re how to create custom templates.
This is effectively changing the firewall (same as you say you do in Windows).

You need to specify more clearly & precisely the parameters you want to block or ban on eg workstation IP, logged in usernane & so on.

[smnirosh]

Yes by the the ip address. If i go to port (8089), all the clients might not have access? Better to go to ip address blocking

[Stefano]

well, assuming that on port TCP 8089 you have a service defined in SME's configuration db, you can use the AllowHosts key

something like

Code: [Select]

db config setprop yourservice AllowHosts a.b.c.d,x.y.z.0/32
signal-event remoteaccess-update

search the wiki, the FAQ and here in the forums

[smnirosh]

something like

Code: [Select]

db config setprop yourservice AllowHosts a.b.c.d,x.y.z.0/32
signal-event remoteaccess-update


Ok. an important code. Can i change "Allowhosts" to "Denyhosts" and type the ip address of the host which is planned to banned?

[Stefano]

if you use the AllowHosts directive only those hosts are permitted.. IMO it's easier

[Daniel B.]

Note that AllowHosts/DenyHosts are only effective for external IP, not for clients from the LAN

[smnirosh]

ok stefano it seems helpful. But for me, can i go for a "Deny" term instead of Allow? like iptables ?