
IPtables - forwarding question


Mike Jones
Jun 14, 2010, 12:14:36 PM

How do I set up a stateful filter for a client machine?

ATM I can restrict things to the local network, but as traffic is all
local network to the client until the router box masquerades it, the
client can still reach through the router box and out to the web, and the
reverse is true also.

I'm looking for a method for the /client/ to be able to temporarily
restrict its own traffic just to the router box and no further, via
IPtables.


Example:

(Where CNET="192.168.0.0-255")

$IPT -A INPUT -i $NIC_LAN \
-m iprange --src-range $CNET \
-p tcp -m multiport --ports $PORTS_LAN \
-m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o $NIC_LAN \
-m iprange --dst-range $CNET \
-p tcp -m multiport --ports $PORTS_LAN \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

...still does internet via the router forwarding. Bah!

Clues?

XP alt.os.linux.slackware,alt.os.linux
FU alt.os.linux

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
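
An added example, not part of the original post: packets bound for the internet leave the client with the remote host's address as their destination (only the next hop is the router), so client-side rules that accept traffic to and from the router's own address and drop everything else confine the client to the router box. `ROUTER_IP`, the `RONLY_*` chain names and the dry-run default for `$IPT` are assumptions; `$IPT` and `$NIC_LAN` follow the post's naming.

```sh
#!/bin/sh
# Added example (not from the post): temporary "router only" lockdown for a client.
# Assumptions: ROUTER_IP, the RONLY_* chain names, and the dry-run default for IPT.

IPT="${IPT:-echo iptables}"            # dry run prints the rules; IPT=iptables applies them
NIC_LAN="${NIC_LAN:-eth0}"             # LAN interface (assumed name)
ROUTER_IP="${ROUTER_IP:-192.168.0.1}"  # the router box's own LAN address (assumed)

router_only_on() {
    # Build both chains completely before hooking them in.
    $IPT -N RONLY_OUT
    $IPT -A RONLY_OUT -o lo -j ACCEPT
    # Forwarded traffic carries the remote host as destination, so matching
    # on the router's own address excludes everything it would forward.
    $IPT -A RONLY_OUT -o "$NIC_LAN" -d "$ROUTER_IP" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A RONLY_OUT -j DROP

    $IPT -N RONLY_IN
    $IPT -A RONLY_IN -i lo -j ACCEPT
    # Replies relayed through masquerading arrive with the remote source
    # address, so only packets sourced by the router itself match here.
    $IPT -A RONLY_IN -i "$NIC_LAN" -s "$ROUTER_IP" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A RONLY_IN -j DROP

    # Insert at position 1 so the lockdown is evaluated before existing rules.
    $IPT -I INPUT 1 -j RONLY_IN
    $IPT -I OUTPUT 1 -j RONLY_OUT
}

router_only_off() {
    # Unhook first, then flush and delete the chains.
    $IPT -D OUTPUT -j RONLY_OUT
    $IPT -D INPUT -j RONLY_IN
    $IPT -F RONLY_OUT
    $IPT -X RONLY_OUT
    $IPT -F RONLY_IN
    $IPT -X RONLY_IN
}

case "${1:-}" in
    on)  router_only_on ;;
    off) router_only_off ;;
esac
```

Run it with `IPT=iptables` as root to apply the rules instead of printing them. IPv6 traffic is not touched by `iptables` and needs the same rules through `ip6tables`.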
