kephillips
asked on
iptables help
Hi experts.
My Linux box is sharing an internet connection to the rest of the office.
I would like to restrict 192.168.0.80 only to intranet, no internet. Thanks.
ASKER
can't use -o with INPUT....
Oops,
# iptables -A OUTPUT -p all -s 192.168.0.80 -o eth1 -j DROP
---------
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.0.80 anywhere
------------
Wesly
ASKER
OK. That works to cut off all access, but I would like to maintain the ability to have email. Just close port 80 maybe???
# iptables -A OUTPUT -p tcp --ports 80 -s 192.168.0.80 -o eth1 -j DROP
Wesly
ASKER
unknown error --ports
iptables -A OUTPUT -p tcp --dport 80 -s 192.168.0.80 -o eth1 -j DROP
Assume eth0 is LAN and eth1 is internet for your Linux box.
As root
# iptables -A INPUT -i eth0 -p tcp -s 192.168.0.80 -o eth1 -j DROP
Wesly
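
The two restrictions asked for in this thread (intranet only, or only port 80 closed), as an added example that is not part of any post above. It assumes the thread's layout (eth1 is the internet side, 192.168.0.80 is the LAN host) and uses the FORWARD chain, because packets a gateway routes on behalf of LAN hosts traverse FORWARD rather than INPUT or OUTPUT; `block_host` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the thread's layout:
# eth1 = internet side, 192.168.0.80 = LAN host to restrict.
# block_host is a hypothetical helper name.
#
# Prints iptables commands instead of running them, so the rules can be
# reviewed first and then piped to "sh" as root.
#
# usage: block_host HOST WAN_IF [TCP_PORT...]
#   no ports -> drop everything HOST sends out via WAN_IF (intranet only)
#   ports    -> drop only those TCP destination ports (e.g. 80 for web)
block_host() {
    host=$1; wan_if=$2
    [ $# -ge 2 ] || { echo "usage: block_host HOST WAN_IF [PORT...]" >&2; return 1; }
    shift 2

    # Reject anything that is not a plain address/CIDR or interface name,
    # since the output is meant to be fed to a root shell.
    case $host in ''|*[!0-9./]*) echo "bad host: $host" >&2; return 1 ;; esac
    case $wan_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan_if" >&2; return 1 ;; esac

    # Validate every port before printing anything.
    for port in "$@"; do
        case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done

    # -I inserts at the top of FORWARD so the DROP is matched before any
    # broader ACCEPT rule already in the chain.
    if [ $# -eq 0 ]; then
        echo "iptables -I FORWARD -s $host -o $wan_if -j DROP"
    else
        for port in "$@"; do
            echo "iptables -I FORWARD -s $host -o $wan_if -p tcp --dport $port -j DROP"
        done
    fi
}

# Web blocked, mail and everything else still forwarded:
block_host 192.168.0.80 eth1 80
```

Rules inserted this way last only until reboot unless they are saved, for example with iptables-save.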