Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-15-2010, 07:56 AM   #1
LQ Newbie
Registered: Dec 2010
Posts: 10

Rep: Reputation: 0
Block user accessing

Centos 5.5 using iptables and squid with sqstat. User is behind my firewall trying to access out.

How do I prevent a user's printer application from trying to access "".

Do I do it in iptables like this:

-A INPUT -m tcp -p tcp -d --dport 80 -j DROP
When I view sqstat his IP is hitting squid with 20 connections. What I would like to do is block all attempts to access from behind the firewall.
Old 12-15-2010, 09:37 AM   #2
LQ Newbie
Registered: Sep 2010
Location: Texas
Distribution: Ubuntu Server lucid, Ubuntu Desktop maverick
Posts: 15

Rep: Reputation: 0
I believe that if he is behind your firewall, and your firewall is using IPTABLES for control, then the line should be appended to OUTPUT. However, you would have to be careful to drop only his/her port 80 requests, though it would block all his port 80 requests.

Block all his/her port 80 requests going out would make them come ask why they can't access the Internet and then you could figure out what's going on. That is the sledgehammer approach.
Old 12-15-2010, 05:00 PM   #3
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
If they are accessing the IP through Squid, use a Squid ACL, like:
acl printer dst
http_access deny printer
...but if they're going through the firewall/router, you'll need to use the FORWARD chain, like:
iptables -I FORWARD -d -j DROP
...and really, you might wanna do both.
Old 12-17-2010, 02:36 AM   #4
LQ Newbie
Registered: Dec 2010
Posts: 10

Original Poster
Rep: Reputation: 0
Thumbs up Thanks

Sorry for the late response, was a public holiday yesterday in South Africa so I did not come to work.

Thanks tardis1 for your input. However win32sux's suggestion solved my problem. Thanks win32sux!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to block HTTP requisitions with invalid/blank http referer field brgsousa Linux - Software 2 10-18-2010 03:49 PM
Block Internet(http) access for particular user deva_raju Linux - Security 2 10-31-2009 08:59 AM
trying to block user from accessing external web site with iptables Histamine Linux - Networking 1 08-10-2007 08:43 AM
How to block a certain user from accessing the internet darkone66669 Linux - Security 5 12-01-2006 01:37 PM
(Foolish linux user deletes block device) Zander Linux - General 3 02-16-2004 12:40 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:15 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration