  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286

iptables help

Hi experts.
My Linux box is sharing an internet connection with the rest of the office.
I would like to restrict 192.168.0.80 to the intranet only, no internet. Thanks.
0
Asked by: kephillips
1 Solution
 
wesly_chenCommented:
Hi,

Assume eth0 is LAN and eth1 is internet for your Linux box.
As root
# iptables -A INPUT -i eth0 -p tcp -s 192.168.0.80 -o eth1 -j DROP

Wesly
0
 
kephillipsAuthor Commented:
can't use -o with INPUT....
0
 
wesly_chenCommented:
Oops,

# iptables -A OUTPUT -p all -s 192.168.0.80 -o eth1 -j DROP
---------
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
DROP       all  --  192.168.0.80      anywhere          
------------

Wesly
0

 
kephillipsAuthor Commented:
OK, that works to cut off all access, but I would like to maintain the ability to have email. Just close port 80 maybe???
0
 
wesly_chenCommented:
# iptables -A OUTPUT -p tcp --ports 80 -s 192.168.0.80 -o eth1 -j DROP

Wesly
0
 
kephillipsAuthor Commented:
unknown error --ports
0
 
j79Commented:

iptables -A OUTPUT -p tcp --dport 80 -s 192.168.0.80 -o eth1 -j DROP

0
 
MKraussCommented:

#Allow outgoing SMTP and POP3 from the firewall box itself
iptables -A OUTPUT -o eth1 -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 110 -j ACCEPT

#Allow incoming SMTP and POP3 replies to the firewall box itself
#(INPUT has no outgoing interface, so the interface match is -i, not -o)
iptables -A INPUT -i eth1 -p tcp --sport 25 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 110 -j ACCEPT

#Allow SMTP and POP3 traffic from your office with connection tracking:
iptables -A FORWARD -o eth1 -p tcp --dport 25  -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 110 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#The replies come back in on eth1, so they need their own FORWARD rule
iptables -A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

#Drop all local packets to outside
iptables -A OUTPUT -o eth1 -j DROP
#Drop all outside packets to local
iptables -A INPUT -i eth1 -j DROP

#Drop all forwarded packets - prevents your office from doing anything to outside or vice versa
iptables -A FORWARD -j DROP

Note: don't forget that the first rule which matches causes iptables to leave the chain.

0
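Worked example, added here and not part of any post in the thread. It pulls the pieces of the discussion together into one script that restricts a single LAN host to the intranet plus mail only. Two points the thread circles around are built in: a packet that the Linux box routes for the office never passes through INPUT or OUTPUT (those chains only see traffic that terminates at or originates from the box itself), so the restriction has to live in the FORWARD chain; and because the first matching rule wins, the restriction is inserted at the top of FORWARD rather than appended behind whatever ACCEPT rules are already there. Everything below is assumption, not from the thread: eth0 is the LAN side, eth1 the internet side, the host is 192.168.0.80, mail means TCP 25 and 110 as the thread uses, and the chain name RESTRICT_HOST and the DRY_RUN switch are mine.

```bash
#!/bin/sh
# Added example: restrict one LAN host to intranet plus mail only.
# Assumed layout (not from the thread): eth0 = LAN, eth1 = internet,
# the box forwards (routes) the office traffic.
# Set DRY_RUN=1 to print the iptables commands instead of running them;
# run with --apply as root to install the rules.

RESTRICTED_HOST="${RESTRICTED_HOST:-192.168.0.80}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
MAIL_PORTS="${MAIL_PORTS:-25,110}"   # SMTP and POP3, as discussed in the thread
CHAIN="RESTRICT_HOST"                 # hypothetical name for our own chain

# Wrapper so the same rule list can be reviewed (DRY_RUN) or applied.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

restrict_host() {
    # Own chain: the rules can be listed, flushed and re-applied as a unit.
    ipt -N "$CHAIN" 2>/dev/null || ipt -F "$CHAIN"

    # Everything the restricted host sends towards the internet goes through
    # our chain. -I FORWARD 1 puts the jump ahead of any existing blanket
    # ACCEPT, because the first matching rule ends the walk of the chain.
    ipt -I FORWARD 1 -i "$LAN_IF" -o "$WAN_IF" -s "$RESTRICTED_HOST" -j "$CHAIN"

    # Replies travel the other way (in on eth1, out on eth0) and are not
    # seen by the jump above, so let established/related traffic back in.
    ipt -I FORWARD 1 -i "$WAN_IF" -o "$LAN_IF" -d "$RESTRICTED_HOST" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Inside the chain: later packets of an allowed connection pass ...
    ipt -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # ... new connections are allowed only to the mail ports (--dport, not
    # --ports; multiport takes the comma-separated list) ...
    ipt -A "$CHAIN" -p tcp -m multiport --dports "$MAIL_PORTS" \
        -m conntrack --ctstate NEW -j ACCEPT
    # ... and everything else is logged (rate limited) and dropped, so the
    # cut-off shows up in the kernel log rather than failing silently.
    ipt -A "$CHAIN" -m limit --limit 5/min -j LOG --log-prefix "$CHAIN drop: "
    ipt -A "$CHAIN" -j DROP
}

if [ "${1:-}" = "--apply" ]; then
    restrict_host
fi
```

Run it first with `DRY_RUN=1 sh restrict.sh --apply` and compare the printed rules against `iptables -L FORWARD -v -n --line-numbers` to confirm the jump really lands ahead of any general ACCEPT. Intranet traffic is untouched because it never crosses eth1. One practical caveat: if the host resolves its mail server's name through a DNS server on the internet, add 53 for UDP and TCP to the allowed set, otherwise mail will fail for a reason that looks unrelated to the firewall.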
