[SOLVED] Block user accessing http://10.0.0.5/hp/device/set_config.html

ledpepper · 12-15-2010, 06:56 AM

Centos 5.5 using iptables and squid with sqstat. User is behind my firewall trying to access out.

How do I prevent a user's printer application from trying to access "http://10.0.0.5/hp/device/set_config.html".

Do I do it in iptables like this:

Code:

-A INPUT -m tcp -p tcp -d 10.0.0.5 --dport 80 -j DROP

When I view sqstat his IP is hitting squid with 20 connections. What I would like to do is block all attempts to access 10.0.0.5 from behind the firewall.

tardis1 · 12-15-2010, 08:37 AM

I believe that if he is behind your firewall, and your firewall is using IPTABLES for control, then the line should be appended to OUTPUT. However, you would have to be careful to drop only his/her port 80 requests, though it would block all his port 80 requests.

Block all his/her port 80 requests going out would make them come ask why they can't access the Internet and then you could figure out what's going on. That is the sledgehammer approach.

win32sux · 12-15-2010, 04:00 PM

If they are accessing the IP through Squid, use a Squid ACL, like:

Code:

acl printer dst 10.0.0.5/32
http_access deny printer

...but if they're going through the firewall/router, you'll need to use the FORWARD chain, like:

Code:

iptables -I FORWARD -d 10.0.0.5 -j DROP

...and really, you might wanna do both.

ledpepper · 12-17-2010, 01:36 AM

Sorry for the late response, was a public holiday yesterday in South Africa so I did not come to work.

Thanks tardis1 for your input. However win32sux's suggestion solved my problem. Thanks win32sux!