Question about iptables.
Hi, I have a network of 10-15 PCs. I want to block some sites with iptables, but allow them for 2-3 PCs. How do I do it?
Depends on your existing rule-set. What have you got? Sanitise output before posting - don't tell the world your public IP ;} Cheers, Tink
Just an idea, but look up Squid Proxy as well :)
Yeah, if by "sites" you mean Web sites, then Squid would be a much better choice than iptables.
To get an idea of what's involved, check out this thread.
OK, let's say I have a rule to block 1.2.3.4 for my network (10 PCs), like this:
Code:
iptables -A INPUT -s 1.2.3.4 -j DROP
So how do I allow this web site (1.2.3.4) for 1 of these 10 PCs? I have Squid, but I want to do it with iptables. And thanks to all.
Use a rule before that one with a defined destination... for example:
Code:
iptables -I INPUT -s 1.2.3.4 -d 192.168.0.9 -j ACCEPT
Where 192.168.0.9 is the machine you wish to allow to connect to the IP.
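The reply above hinges on one property of netfilter: rules are evaluated top to bottom and the first match wins, so the per-host ACCEPT has to sit above the DROP (which is what `-I` achieves against an earlier `-A`). The script below is an added example, not code posted in the thread. It assumes the Linux box is the gateway for the LAN, so the traffic to filter crosses the FORWARD chain rather than INPUT (INPUT only sees packets addressed to the gateway itself); the LAN range, site addresses and allowed hosts are constructed placeholders. It prints the rules instead of loading them and includes a check that every exception is ordered above its DROP, so the result can be reviewed without root:

```shell
#!/bin/sh
# Added example (not posted in the thread). Builds the iptables rules for a
# Linux box that routes for a small LAN and must block a few sites for
# everyone except a short list of PCs. All addresses are constructed
# placeholders. The rules are printed, not executed, so the ordering can be
# reviewed (and verified by check_order below) without root or netfilter.

LAN="192.168.0.0/24"                      # assumed LAN range
BLOCKED_SITES="1.2.3.4 5.6.7.8"           # sites to block (placeholders)
ALLOWED_HOSTS="192.168.0.9 192.168.0.10"  # PCs that may still reach them

# Print the rules in load order. netfilter is first-match, so:
#   1. already-accepted connections keep flowing (replies included)
#   2. per-host exceptions ACCEPT before anything drops
#   3. the LAN-wide DROP for each site comes after its exceptions
# LAN-to-Internet traffic crosses the gateway, so it is filtered in FORWARD;
# the INPUT chain only sees packets addressed to the gateway itself.
gen_rules() {
    echo "iptables -N SITEBLOCK"
    echo "iptables -A SITEBLOCK -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for site in $BLOCKED_SITES; do
        for host in $ALLOWED_HOSTS; do
            echo "iptables -A SITEBLOCK -s $host -d $site -j ACCEPT"
        done
        echo "iptables -A SITEBLOCK -s $LAN -d $site -j DROP"
    done
    echo "iptables -A SITEBLOCK -j RETURN"
    # -I at position 1: the jump is consulted before any existing FORWARD rule
    echo "iptables -I FORWARD 1 -j SITEBLOCK"
}

# Return 0 only if, for every site, each per-host ACCEPT sits above that
# site's DROP in the generated list. Run this before loading the rules.
check_order() {
    rules=$(gen_rules)
    for site in $BLOCKED_SITES; do
        drop=$(printf '%s\n' "$rules" | grep -n -e "-s $LAN -d $site -j DROP" | head -n 1 | cut -d: -f1)
        [ -n "$drop" ] || return 1
        for host in $ALLOWED_HOSTS; do
            acc=$(printf '%s\n' "$rules" | grep -n -e "-s $host -d $site -j ACCEPT" | head -n 1 | cut -d: -f1)
            [ -n "$acc" ] && [ "$acc" -lt "$drop" ] || return 1
        done
    done
    return 0
}

# Usage: sh siteblock.sh > rules.sh ; review rules.sh ; sh rules.sh (as root)
if check_order; then
    gen_rules
else
    echo "rule ordering error: an exception would sit below its DROP" >&2
    exit 1
fi
```

Two caveats a practitioner would add. Blocking a web site by IP is fragile: shared hosting and CDNs put many sites behind one address and the address changes without notice, which is why the thread steers towards Squid. And the exception rule only matches the client's outbound direction; the `ESTABLISHED,RELATED` rule is what lets the replies back in, so if you drop that line the allowed PCs will see connections hang rather than succeed.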
Thanks, I'll try it tomorrow.
Quote:
Code:
iptables -P FORWARD DROP
Quote:
mynet.acl - IT dept.
banned.acl - blocked web sites by IP.
block_url.acl - words like porno, sex, etc.
ogranichenaskorost.acl - limit speed
Code:
#Recommended minimum configuration:
Quote:
Code:
acl IT_department src 192.168.1.11-192.168.1.15
Thanks win32sux for the help, you are very patient. I can't believe it, but I think this will work. I'll try it now.
My new squid.conf:
Code:
acl purge method PURGE
Quote:
BTW, you've got a bunch of duplicate lines in there which you should clean up.
Yes, it's now working. Thanks win32sux, you are the man. My new squid.conf:
Code:
acl our_networks src 192.168.0.0/16
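For the Squid side of the thread, an added example (not the poster's squid.conf) showing how the ACLs named earlier fit into the `http_access` order. The `our_networks` and `IT_department` definitions and the banned.acl / block_url.acl file names come from the thread; the directory /etc/squid/, the ACL names `banned` and `block_url`, and the choice of `dst` and `url_regex` as the match types are assumptions:

```squid
# Added example, not the poster's file. Paths under /etc/squid/ are assumed.
acl our_networks src 192.168.0.0/16
acl IT_department src 192.168.1.11-192.168.1.15
# banned.acl: one destination IP address (or CIDR block) per line
acl banned dst "/etc/squid/banned.acl"
# block_url.acl: one case-insensitive regex per line, matched against the whole URL
acl block_url url_regex -i "/etc/squid/block_url.acl"

# http_access is first-match. The IT exception must come before the denies,
# the denies before the general allow, and "deny all" must stay last.
http_access allow IT_department
http_access deny banned
http_access deny block_url
http_access allow our_networks
http_access deny all
```

Squid only filters what passes through it. The `iptables -P FORWARD DROP` quoted above is what stops a client from bypassing the proxy by connecting to port 80 directly, so the two halves of the thread belong together: the firewall forces traffic through the proxy, and the proxy applies the per-host policy.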