iptables allow access to one site

Hi all

I need help with a set of iptables rules that would allow a portion of a bank of IP addresses access to only one or two named websites.

Please advise

Thank You
Ed

Hi Ed,

Could you please elaborate more on your network setup and web proxy, to narrow down the rules?

Regards
Satish Mekala.

I need help writing iptables rules that will allow a certain range of private addresses (192.168.0.80-100) outgoing access to one or two specific named sites and nothing else.

Here is my current setup
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# COMMIT closes the *filter table; iptables-restore will not load the file without it
COMMIT

I do not know the exact domain names as of yet, will know soon, they are for a credit card processor.

but....

we could use any site as an example:
so 192.168.0.80-100 are allowed to go to google.com and nowhere else?

A proxy server is not a viable alternative right now

Thank you

This should help to solve the issue.

iptables -I FORWARD 1 -p all -s 192.168.0.0/24 -d $bankIP -j ACCEPT

192.168.0.0/24 is the network block; edit it according to your internal subnet.

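As an added example (not posted by anyone in this thread), here is a small shell function that generates the FORWARD-chain rules for the original question in the same iptables-save format as Ed's ruleset: only the 192.168.0.80-100 range (matched with the iprange extension rather than a whole /24) may open new HTTP/HTTPS connections to a fixed list of destination addresses, return traffic is allowed via conntrack, and everything else is rejected as before. It assumes the iptables box is the gateway that forwards the clients' traffic, and the 203.0.113.x destination addresses are constructed placeholders standing in for the processor's real IPs.

```shell
#!/bin/sh
# Generates (does not apply) *filter FORWARD rules restricting one source IP range
# to a fixed set of destination IPs on TCP 80/443 and rejecting everything else.
# The destination IPs must be resolved beforehand (host/dig); a hostname given to -d
# is resolved only once, when the rule is loaded, so a site whose address changes
# would silently stop matching.

gen_forward_rules() {
    # $1 = source range "a.b.c.d-a.b.c.e"; remaining args = allowed destination IPs
    src_range="$1"; shift
    # Return packets of already-permitted connections
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One rule per permitted destination, limited to web ports and new connections only
    for dst in "$@"; do
        echo "-A FORWARD -m iprange --src-range $src_range -d $dst -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Same default as the original ruleset: nothing else is forwarded
    echo "-A FORWARD -j REJECT --reject-with icmp-host-prohibited"
}

# Sample usage with constructed placeholder destination addresses (203.0.113.0/24 is
# reserved for documentation, so these are not real processor IPs):
gen_forward_rules 192.168.0.80-192.168.0.100 203.0.113.10 203.0.113.11
```

The generated lines replace the single `-A FORWARD -j REJECT` line in the saved ruleset, and order matters: the ACCEPT rules must come before the REJECT. Two caveats follow from the design. First, the clients still need to resolve the site's name, so either the gateway runs their resolver or a separate rule must permit UDP/TCP 53 to a known DNS server; otherwise the allowed IPs are unreachable by name. Second, a restriction that lives only in the FORWARD chain does nothing for connections the gateway itself originates, which is what the INPUT/OUTPUT chains govern.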