Newbie on iptables; want to deny access to 192.168.0.5
From: Gaétan Martineau (gmarti_at_pasdespammediom.qc.ca)
Date: 08/28/04
- Previous message: Robert E A Harvey: "Re: How to find whether a particular ip:port is available??"
- Next in thread: Aiehce: "Re: Newbie on iptables; want to deny access to 192.168.0.5"
- Reply: Aiehce: "Re: Newbie on iptables; want to deny access to 192.168.0.5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 28 Aug 2004 11:51:52 -0400
As our kids are now back to school, I would like to restrict their
computer access to the net. How to set cron jobs, I know. However, how
to change the iptables script to restrict, I don't...
We have a 192.168.0.3 (on internal) firewall. The kids' computer is
192.168.0.5, ours is 192.168.0.6. The present iptables script on
192.168.0.3 is below. These rules would be used, say, at night, between
8PM and 9:15PM. Then I would like to shut access to 192.168.0.3 but keep
it available to 192.168.0.6. What can I change or add? Help would be
very much appreciated...
The present script is run in /etc/rc.local. I would keep, I think, lines
2-3 and 9 to 14. Then the rest would be put in two other separate
scripts, say "iptables_access_everyone" and "iptables_access_restricted"
which would toggle back and forth using cron.
Many thanks for suggestions.
Gaetan
1 #!/bin/sh
2 INSMOD=/sbin/insmod
3 IPTABLES=/sbin/iptables
4 dev_extern="ppp0"
5 dev_intern="eth1"
7 addr_int=192.168.0.3
8 net_int=192.168.0.0/24
9 $INSMOD ip_tables
10 $INSMOD ip_conntrack
11 $INSMOD ip_conntrack_ftp
12 $INSMOD ipt_state
13 $INSMOD iptable_nat
14 $INSMOD ipt_MASQUERADE
15 $IPTABLES -F
16 $IPTABLES -N BLOCK
17 $IPTABLES -A BLOCK -m state --state ESTABLISHED,RELATED -j ACCEPT
18 $IPTABLES -A BLOCK -m state --state NEW -i ! $dev_extern -j ACCEPT
19 #$IPTABLES -A BLOCK -p tcp --dport 80 -j ACCEPT
20 $IPTABLES -A BLOCK -j DROP
21 $IPTABLES -A INPUT -j BLOCK
22 $IPTABLES -A FORWARD -j BLOCK
23 $IPTABLES -A POSTROUTING -t nat -o $dev_extern -j MASQUERADE -s $net_int # $net_int, not the literal string net_int
24 echo 1 > /proc/sys/net/ipv4/ip_forward
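Added example, not from the original post: a small toggle script that does what the post asks, with one dedicated chain hooked ahead of BLOCK in FORWARD so cron can flip it between restricted and open without touching the rest of the rc.local rules. The chain name KIDS, the script path in the cron comments, and the IPTABLES=echo dry-run switch are my assumptions.

```shell
#!/bin/sh
# Cron-friendly block/unblock of one LAN host's internet access.
# Assumptions (mine, not the poster's): chain name KIDS, host 192.168.0.5,
# and IPTABLES=echo to print commands instead of applying them.
IPTABLES="${IPTABLES:-/sbin/iptables}"
KID_HOST="${KID_HOST:-192.168.0.5}"
CHAIN="KIDS"

# Run once, after the rc.local script. The jump is inserted at position 1
# of FORWARD, i.e. before BLOCK, because BLOCK accepts ESTABLISHED traffic
# and NEW traffic arriving on eth1; a rule appended after it would never
# see the kids' packets. FORWARD is the right chain: their traffic passes
# through the firewall to ppp0, it is not addressed to the firewall itself.
setup_chain() {
    $IPTABLES -N "$CHAIN"
    $IPTABLES -I FORWARD 1 -j "$CHAIN"
}

# Restricted mode: drop everything forwarded from the host. Because the
# rule sits ahead of the ESTABLISHED accept, sessions already open at
# 8PM are cut as well, not just new ones.
restrict_host() {
    $IPTABLES -F "$CHAIN"
    $IPTABLES -A "$CHAIN" -s "$1" -j DROP
}

# Open mode: empty the chain so packets fall through to BLOCK as before.
allow_all() {
    $IPTABLES -F "$CHAIN"
}

# Example crontab entries (assumed path /usr/local/sbin/kidsnet):
#   0  20 * * * /usr/local/sbin/kidsnet restrict
#   15 21 * * * /usr/local/sbin/kidsnet allow
case "${1:-}" in
    setup)    setup_chain ;;
    restrict) restrict_host "$KID_HOST" ;;
    allow)    allow_all ;;
esac
```

Check the result with `iptables -L FORWARD -n --line-numbers`: the jump to KIDS must be line 1, above the jump to BLOCK.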