iptables, ipcop, facebook

andy smith

Nov 20, 2009, 8:22:01 PM

I use ipcop as my internet gateway on my home lan.
Additionally I use the "banish" add-on
(http://ww2.banish.sidsolutions.net:8081/) to add additional iptables rules
...
(other than via banish I do not really know how to use iptables.)

This allows me to restrict (from the ipcop gateway) access to or from a
specific resource - such things as
prevent all home lan pcs accessing a specific resource (eg 69.63.176.0/20 -
facebook)
or a homelan PC (eg 192.168.3.93 or its mac address) accessing the internet

What I cannot do is prevent just a specific home pc accessing another
resource
eg prevent just 192.168.3.93 accessing 69.63.176.0/20

Can using iptables allow me to easily do this...
if so can someone show me the cmd line to restrict/allow access to facebook
(then I can perhaps cron them).

thanks for your help

Simon Pickard

Nov 21, 2009, 11:50:40 AM

"andy smith" <nob...@freefromspam.com> wrote in message
news:wNidnccsRLz3npXW...@bt.com...

You might want to try BOT which can be found here http://blockouttraffic.de/

Simon


andy smith

Nov 20, 2009, 10:42:11 PM

"Simon Pickard" <spic...@nospam.ntlworld.com> wrote in message
news:ATUNm.7334$Ym4....@text.news.virginmedia.com...

>
> You might want to try BOT which can be found here
> http://blockouttraffic.de/
>
> Simon

Thanks - BOT looks like it could do what I want (create a rule which
specifies the combination of both the source on the LAN & destination
internet address, and additionally have the rule applied at specific times
:-)),
but if I've read it right it seems to start with the premise of not allowing
any green to red traffic (until explicitly allowed), rather than the default
IPCop of trusting all outward traffic.

I understand this is the most secure approach... but is there a simple way
in BOT to reverse it (ie keep the IPCOP default of trusted from green) and
then apply a few rules to restrict specific outward bound traffic (eg to
facebook etc at specific times)?

thanks again

Robert

Nov 21, 2009, 3:41:38 PM

Yes, IPTABLES can allow you to do this. Using your example above;

iptables -I FORWARD -i <interface> -s 192.168.3.93 -d 69.63.176.0/20 -j REJECT

Change <interface> with the interface that 192.168.3.93 comes in on and it
will block it.


--

Regards
Robert

Linux User #296285
http://counter.li.org
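
Packets from a LAN PC to an internet address are routed through the gateway, so they traverse the FORWARD chain rather than INPUT. The script below is an added example, not part of any post in this thread: it builds that rule for the host and range discussed, checks the values before they reach a root command, and prints cron lines for a timed block. The interface name eth0 and the script path are assumptions, and it only prints commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands.
LAN_IF="${LAN_IF:-eth0}"      # assumption: LAN-side (green) interface name
SRC="${SRC:-192.168.3.93}"    # LAN host from the thread
DST="${DST:-69.63.176.0/20}"  # destination range from the thread
IPT="${IPT:-echo iptables}"   # set IPT=iptables (as root) to apply for real

# Accept only a.b.c.d or a.b.c.d/len, so nothing else reaches a root command.
valid_addr() {
    case $1 in ''|*[!0-9./]*|*/*/*|*/|*.|*./*) return 1 ;; esac
    addr=${1%/*}
    case $1 in */*) [ "${1#*/}" -le 32 ] 2>/dev/null || return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

check_args() {
    case $LAN_IF in ''|*[!A-Za-z0-9.:_-]*) return 1 ;; esac
    valid_addr "$SRC" && valid_addr "$DST"
}

# One rule spec shared by insert and delete, so unblock removes exactly
# the rule that block added.
rule_spec() {
    printf '%s' "FORWARD -i $LAN_IF -s $SRC -d $DST -j REJECT"
}

block() {
    check_args || { echo "bad interface or address" >&2; return 1; }
    # Delete any earlier copy first so repeated cron runs do not stack rules.
    $IPT -D $(rule_spec) 2>/dev/null || true
    $IPT -I $(rule_spec)
}

unblock() {
    check_args || { echo "bad interface or address" >&2; return 1; }
    $IPT -D $(rule_spec)
}

# Crontab lines for root: block at hour $1, unblock at hour $2.
# $3 is the path this script is saved under (hypothetical).
cron_lines() {
    printf '0 %s * * * IPT=iptables %s block\n' "$1" "$3"
    printf '0 %s * * * IPT=iptables %s unblock\n' "$2" "$3"
}

case "${1:-}" in
    block) block ;;
    unblock) unblock ;;
    cron) cron_lines "$2" "$3" "$4" ;;
esac
```

Run it with no IPT set to review the commands first; rules added this way last only until the firewall is reloaded.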

andy smith

Nov 21, 2009, 7:16:42 PM

"Robert" <no...@noplace.nowhere> wrote in message
news:pan.2009.11.21....@noplace.nowhere...

>
> Yes, IPTABLES can allow you to do this. Using your example above;
>
> iptables -I FORWARD -i <interface> -s 192.168.3.93 -d 69.63.176.0/20 -j REJECT
>
> Change <interface> with the interface that 192.168.3.93 comes in on and it
> will block it.
>

thanks - I'll give it a try!
