iptables blocking users by ip address - fedoracore 5

iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

Add to the FORWARD CHAIN on the LAN interface a RULE that ACCEPTs all rules that come in on it.

I.e. all traffic that needs to be forwarded is accepted


I.e. all traffic that is not coming in to the linux box itself or generated by it is accepted by default.

I.e the users can connect to the INternet because their traffic is being forwarded to the Internet





http://iptables-tutorial.frozentux.net/iptables-tutorial.html

shakoush2001,

How can we set limits to which user can be forwarded? allowing all is not a good idea.


Thanks.

iptables --append FORWARD --in-interface $LAN_IN --source 192.168.0.1 -j ACCEPT
iptables --append FORWARD --in-interface $LAN_IN --source 192.168.0.2 -j ACCEPT

finally drop all the rest
iptables --append FORWARD --in-interface $LAN_IN  -j DROP

shakoush2001,

This is great!!!, lastly can I somehow only accept request from certain ports? like applciations that connects to IM, skype, work related ports and block the games port, Hope you get what I'm trying to achieve.

Thanks!

iptables --append FORWARD --in-interface $LAN_IN -p tcp --dport 1863 --source 192.168.0.2 -j ACCEPT

for msn for example


Note the -p tcp --dport 1863

or -p udp --dport 1232

I.e. set first if udp or tcp then the port number

shakoush2001,

Thanks a million, does this mean I have to open one port at a time for every applciation and each user?

or there's a easier way to do this?