Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Raymond den Ouden on April 20, 2002, 02:40:40 AM

Title: block one IP for outgoing traffic
Post by: Raymond den Ouden on April 20, 2002, 02:40:40 AM
Hi,

Can someone tell me how I can block all internet traffic and then only allow a few IPs for internet traffic?

For example:
I want to block all internet traffic, except for 192.168.0.50

If someone can tell me the ipchains commands I would be very happy!

regards,

Raymond
Title: Re: block one IP for outgoing traffic
Post by: Nathan Fowler on April 21, 2002, 04:02:46 AM
Correct me if I am wrong, but I believe the command you are seeking is:

/sbin/ipchains -A input -s ! 192.168.0.50 -d ! 192.168.0.1/24 -j DENY -i eth(X)

By using the ! (NOT) operator, you are able to deny all IP addresses except the one specified. The above rule should deny all internal traffic outbound, and should allow all traffic communication from all internal machines to the E-Smith box.

Change the eth(x) to either eth0 or eth1, depending on whichever ethernet device is your local interface. To find this simply type "ifconfig |grep 192.168.0" and determine your ethernet interface number. Note that if you specify the eth interface of your external network you will basically disallow all external traffic to that box.

Let me know if you have problems.

Nathan Fowler
evilghost@stickit.nu
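
The question asks for a few allowed addresses rather than one. As an added example (not part of either post), this shell script prints, without running them, ipchains rules that ACCEPT each listed host ahead of a final DENY for the rest of the LAN, using the same input-chain approach as the reply above. The interface eth0, the subnet 192.168.0.0/24 and the second host 192.168.0.51 are assumptions.

```shell
#!/bin/sh
# Added example: print (do not run) ipchains rules for an outbound allowlist.
# eth0, 192.168.0.0/24 and 192.168.0.51 are assumed values for illustration.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_rules IFACE LAN_CIDR ALLOWED_HOST...
gen_rules() {
    iface=$1; lan=$2
    shift 2
    # Validate everything first so a typo never yields a partial rule set.
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    # ipchains acts on the first matching rule, so ACCEPTs precede the DENY.
    # Assumes no earlier rule in the input chain already matches this traffic.
    for host in "$@"; do
        echo "/sbin/ipchains -A input -i $iface -s $host -d ! $lan -j ACCEPT"
    done
    # Any other LAN source bound for a non-LAN destination is dropped.
    echo "/sbin/ipchains -A input -i $iface -s $lan -d ! $lan -j DENY"
}

gen_rules eth0 192.168.0.0/24 192.168.0.50 192.168.0.51
```

Review the printed rules against the output of "/sbin/ipchains -L input -n" before applying them, since an earlier ACCEPT in the chain would take precedence.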