LinuxQuestions.org

Preventing internal network traffic with linux firewall (https://www.linuxquestions.org/questions/linux-networking-3/preventing-internal-network-traffic-with-linux-firewall-817789/)

pauldg123 07-03-2010 05:27 AM

Preventing internal network traffic with linux firewall
 
Hi Guys,

Does anyone know if it is possible to filter/block network traffic between
internal hosts on a lan?

E.g.:
Linux firewall/router (192.168.0.1) - LAN default G/W - all internal > external traffic gets filtered.

How would you filter TCP/ICMP/UDP traffic from internal host a (192.168.0.2) to host b (192.168.0.3)?

All the internal hosts have the linux f/w as the default gateway, and are all on the same /24 subnet.

I would like to know if I can filter traffic between internal hosts.

Any Info would be appreciated.
Thx

eSelix 07-03-2010 06:01 AM

You can use iptables on host a, or, if your hosts are connected through a switch on the router, you can make firewall rules on the router.

nimnull22 07-03-2010 06:17 AM

If you put them on different LANs, you can apply filter rules in iptables; otherwise they WILL communicate through the switch, because they will use the same LAN IP subnet and their packets never reach the LAN gateway.

gratuitous_arp 07-03-2010 07:42 AM

As said, you can filter using iptables on the PCs whether or not they are on the same subnet. If you have an unmanaged switch behind your Linux firewall/router, which the PCs connect to, you won't be able to filter using the firewall. Most managed switches will let you filter.

If the Linux firewall has multiple LAN-side ethernet ports acting as a LAN switch using brctl, you can use ebtables to filter between switch ports.
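The two placements the replies above describe (eSelix's iptables on the host itself, and gratuitous_arp's brctl bridge on the router filtered with ebtables), written out as an added example. This is not code from the thread or from any of its posters. It assumes the OP's addressing (192.168.0.0/24, router at .1, host a at .2, host b at .3), that the router's LAN-side NICs are eth1 and eth2, and a bridge named br0; adjust those to your box. With no ACTION set it only prints the rules so you can review them first.

```shell
#!/bin/sh
# Added example (not from the thread or its posters): both placements
# discussed above, written as rule generators so the rules can be read
# before they touch a live box. With ACTION unset the script prints
# them; ACTION=apply-host runs the host rules (on host b, as root) and
# ACTION=apply-bridge runs the bridge rules (on the Linux router, as root).
# Assumptions: the OP's addressing (192.168.0.0/24, router .1, hosts .2
# and .3); eth1/eth2 as the router's LAN-side ports; bridge name br0.

HOST_A=192.168.0.2
HOST_B=192.168.0.3
ROUTER_IP=192.168.0.1/24
BRIDGE=br0
LAN_PORTS="eth1 eth2"   # assumed LAN-side NICs of the Linux router

# Placement 1: host-based, applied on host b itself. This works whatever
# the switch is, because filtering happens after the frame has arrived.
# One rule per protocol the OP listed, all jumping to a chain that logs
# before dropping so blocked traffic is visible in the kernel log.
host_rules() {
    cat <<EOF
iptables -N FROM_HOST_A
iptables -A FROM_HOST_A -j LOG --log-prefix "host-a-blocked: "
iptables -A FROM_HOST_A -j DROP
iptables -A INPUT -s $HOST_A -p tcp -j FROM_HOST_A
iptables -A INPUT -s $HOST_A -p udp -j FROM_HOST_A
iptables -A INPUT -s $HOST_A -p icmp -j FROM_HOST_A
EOF
}

# Placement 2: the router's LAN NICs bridged into one switch, filtered
# with ebtables. ebtables matches Ethernet frames, so the IP fields are
# only reachable after selecting the IPv4 ethertype with "-p IPv4"; ARP
# gets its own rules so host a cannot even resolve host b's MAC address.
# Frames forwarded between bridge ports traverse the ebtables FORWARD chain.
bridge_rules() {
    echo "brctl addbr $BRIDGE"
    for p in $LAN_PORTS; do
        echo "ip addr flush dev $p"       # the router's IP moves to the bridge
        echo "brctl addif $BRIDGE $p"
        echo "ip link set $p up"
    done
    cat <<EOF
ip addr add $ROUTER_IP dev $BRIDGE
ip link set $BRIDGE up
ebtables -P FORWARD ACCEPT
ebtables -A FORWARD -p IPv4 --ip-src $HOST_A --ip-dst $HOST_B -j DROP
ebtables -A FORWARD -p IPv4 --ip-src $HOST_B --ip-dst $HOST_A -j DROP
ebtables -A FORWARD -p ARP --arp-ip-src $HOST_A --arp-ip-dst $HOST_B -j DROP
ebtables -A FORWARD -p ARP --arp-ip-src $HOST_B --arp-ip-dst $HOST_A -j DROP
EOF
}

case "${ACTION:-print}" in
    apply-host)   host_rules   | sh -e ;;
    apply-bridge) bridge_rules | sh -e ;;
    *)  echo "# on host b:";           host_rules
        echo "# on the Linux router:"; bridge_rules ;;
esac
```

Two caveats that follow from the replies above: the bridge rules only separate hosts that sit on different bridge ports, so if host a and host b hang off one unmanaged switch plugged into a single router port their frames never reach the router and only the host-based rules (or a managed switch) will do anything. And note that with bridge-netfilter active (sysctl net.bridge.bridge-nf-call-iptables=1) bridged IPv4 frames also pass through the iptables FORWARD chain, where `-m physdev` can match the in/out bridge ports; with it disabled, iptables on the router sees none of the bridged traffic and ebtables is the only place to filter it. `ebtables -L --Lc` shows per-rule counters, which is the quickest way to confirm the DROP rules are actually being hit during a test ping from host a.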
