LinuxQuestions.org


ledpepper 12-15-2010 06:56 AM

Block user accessing http://10.0.0.5/hp/device/set_config.html
 
CentOS 5.5 using iptables and squid with sqstat. User is behind my firewall trying to access out.

How do I prevent a user's printer application from trying to access "http://10.0.0.5/hp/device/set_config.html"?


Do I do it in iptables like this:

Code:

-A INPUT -m tcp -p tcp -d 10.0.0.5 --dport 80 -j DROP

When I view sqstat his IP is hitting squid with 20 connections. What I would like to do is block all attempts to access 10.0.0.5 from behind the firewall.

tardis1 12-15-2010 08:37 AM

I believe that if he is behind your firewall, and your firewall is using IPTABLES for control, then the line should be appended to OUTPUT. However, you would have to be careful to drop only his/her port 80 requests, though it would block all his port 80 requests.

Blocking all his/her port 80 requests going out would make them come ask why they can't access the Internet and then you could figure out what's going on. That is the sledgehammer approach.

win32sux 12-15-2010 04:00 PM

If they are accessing the IP through Squid, use a Squid ACL, like:
Code:

acl printer dst 10.0.0.5/32
http_access deny printer

...but if they're going through the firewall/router, you'll need to use the FORWARD chain, like:
Code:

iptables -I FORWARD -d 10.0.0.5 -j DROP

...and really, you might wanna do both.
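
Why "do both" holds, as an added example that is not part of the original thread: a simplified Python model of which filter-table chain a packet traverses on the firewall, evaluated against the rules posted above. It assumes an explicit (non-transparent) Squid proxy on port 3128 and constructed addresses 192.168.1.1 (firewall) and 192.168.1.50 (client); only 10.0.0.5 comes from the thread.

```python
# Added example: simplified model of netfilter filter-table chain selection.
# All addresses except 10.0.0.5 are constructed for illustration.
from ipaddress import ip_address

FIREWALL_ADDRS = {ip_address("192.168.1.1")}  # assumed LAN address of the firewall
PRINTER = ip_address("10.0.0.5")              # destination from the thread

def chain_for(src, dst):
    """Return the filter chain a packet traverses on the firewall."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in FIREWALL_ADDRS:
        return "INPUT"    # addressed to the firewall itself (e.g. to Squid)
    if src in FIREWALL_ADDRS:
        return "OUTPUT"   # generated by a local process such as Squid
    return "FORWARD"      # routed through the firewall

# Each rule: (chain, destination address, destination port or None for any)
ASKER_RULE = ("INPUT", PRINTER, 80)        # the INPUT rule from the question
FORWARD_RULE = ("FORWARD", PRINTER, None)  # iptables -I FORWARD -d 10.0.0.5 -j DROP

def verdict(rules, src, dst, dport):
    """Return DROP if any rule matches the packet in its chain, else ACCEPT."""
    chain = chain_for(src, dst)
    for r_chain, r_dst, r_port in rules:
        if r_chain == chain and r_dst == ip_address(dst) and r_port in (None, dport):
            return "DROP"
    return "ACCEPT"

def squid_allows(deny_dsts, requested_dst):
    """Model of 'acl printer dst 10.0.0.5/32' + 'http_access deny printer'."""
    return ip_address(requested_dst) not in deny_dsts

if __name__ == "__main__":
    client, fw = "192.168.1.50", "192.168.1.1"
    # Direct (non-proxied) request from the client to the printer page
    print("direct, INPUT rule:  ", verdict([ASKER_RULE], client, "10.0.0.5", 80))
    print("direct, FORWARD rule:", verdict([FORWARD_RULE], client, "10.0.0.5", 80))
    # Proxied request: client -> Squid (INPUT), then Squid -> 10.0.0.5 (OUTPUT)
    print("client to Squid:     ", verdict([FORWARD_RULE], client, fw, 3128))
    print("Squid to 10.0.0.5:   ", verdict([FORWARD_RULE], fw, "10.0.0.5", 80))
    print("Squid ACL allows:    ", squid_allows({PRINTER}, "10.0.0.5"))
```

The FORWARD rule stops clients that bypass the proxy, while requests relayed by Squid never enter FORWARD, so the Squid ACL is what stops those.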

ledpepper 12-17-2010 01:36 AM

Thanks
 
Sorry for the late response, was a public holiday yesterday in South Africa so I did not come to work.

Thanks tardis1 for your input. However win32sux's suggestion solved my problem. Thanks win32sux!


All times are GMT -5.