[suse-security] ipchains-rule to deny a special domain
hi! I want to deny the client-computers behind my router to access some special domains/ip-addresses in the internet. I tried something like "ipchains -A input -d xxx.yyy.zzz.xxx -p tcp -j DENY" and "ipchains -A input -s xxx.yyy.zzz.xxx -p tcp -j DENY" but it didn't work... What can I do to deny access? bye.
> I want to deny the client-computers behind my router to access some special domains/ip-addresses in the internet. I tried something like "ipchains -A input -d xxx.yyy.zzz.xxx -p tcp -j DENY" and "ipchains -A input -s xxx.yyy.zzz.xxx -p tcp -j DENY" but it didn't work...

you need to use -A forward, not input
hth
Markus
--
Markus Gaugusch, ICQ 11374583, markus@gaugusch.dhs.org
ASCII Ribbon Campaign Against HTML Mail
da_bug
> hi!
> I want to deny the client-computers behind my router to access some special domains/ip-addresses in the internet. I tried something like "ipchains -A input -d xxx.yyy.zzz.xxx -p tcp -j DENY" and "ipchains -A input -s xxx.yyy.zzz.xxx -p tcp -j DENY" but it didn't work... What can I do to deny access?
Try "ipchains -I input 1 -d xxx.y..." instead of "ipchains -A input -d xxx.y..."

HTH
Martin
--
martin.peikert@innominate.com
innominate AG, the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com
> hi!
> I want to deny the client-computers behind my router to access some special domains/ip-addresses in the internet. I tried something like "ipchains -A input -d xxx.yyy.zzz.xxx -p tcp -j DENY" and "ipchains -A input -s xxx.yyy.zzz.xxx -p tcp -j DENY" but it didn't work... What can I do to deny access?
ipchains -A input -p all -s [your.domain/netmask] -d aaa.bbb.ccc.ddd/netmask -i [internal eth] -j DENY -l

This rule checks where the packet is coming from and where it is going to. The -i internal interface specifies the network adapter on which the packet should be dropped and the -j DENY denies (of course) the packet. The -l is "turn logging on" for you to see whether your rule works. As soon as you see that it works you disable -l if you don't want ipchains logging these events.

HTH
Philipp
hi!

PS> ipchains -A input -p all -s [your.domain/netmask] -d
PS> aaa.bbb.ccc.ddd/netmask -i [internal eth] -j DENY -l

what is the netmask of any domain in the i-net?

bye.
> hi!
> PS> ipchains -A input -p all -s [your.domain/netmask] -d
> PS> aaa.bbb.ccc.ddd/netmask -i [internal eth] -j DENY -l
> what is the netmask of any domain in the i-net?
netmask is e.g. 24 bits long = 255.255.255.0

If you don't know what to do with this information, read net3-howto to learn more about the internet protocol. You can also read this 3Com document, which indeed describes the use of the Internet Protocol very well: http://www.3com.com/nsc/501302.html and then you should read RFC 791 on www.rfc-editor.org
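
The prefix-length and netmask arithmetic behind the "-d aaa.bbb.ccc.ddd/netmask" argument discussed above, as an added example that is not part of the original thread. The helper function names are hypothetical, the addresses are constructed from documentation ranges, eth0 is an assumed internal interface, and the script only prints the rule from the post rather than running ipchains.

```shell
#!/bin/sh
# Added example: addresses are constructed (documentation ranges),
# eth0 is an assumed internal interface, helper names are hypothetical.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1              # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) to dotted netmask, e.g. 24 -> 255.255.255.0.
prefix_to_mask() {
    int_to_ip $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Succeeds if address $1 lies inside network $2 with prefix length $3,
# i.e. if a rule with "-d $2/$3" would match a packet sent to $1.
in_network() {
    mask=$(ip_to_int "$(prefix_to_mask "$3")")
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Print (do not run) the rule from the post for one blocked destination.
# $1 = internal network/prefix, $2 = destination/prefix, $3 = internal interface
deny_rule() {
    echo "ipchains -A input -p all -s $1 -d $2 -i $3 -j DENY -l"
}

# A single host is a /32; a whole block of 256 addresses is a /24.
deny_rule 192.0.2.0/24 203.0.113.7/32 eth0
deny_rule 192.0.2.0/24 198.51.100.0/24 eth0

# Check which destinations the /24 rule would cover.
for dst in 198.51.100.77 198.51.101.77; do
    if in_network "$dst" 198.51.100.0 24; then
        echo "$dst: matched by -d 198.51.100.0/24"
    else
        echo "$dst: not matched"
    fi
done
```

A domain name has no netmask of its own: each address it resolves to is blocked as a /32, or the containing block is given with its prefix length.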
participants (4)
- da_bug
- Markus Gaugusch
- Martin Peikert
- Philipp Snizek