Changes
Jump to navigation
Jump to search
← Older edit
Newer edit →
Firewall
(view source)
Revision as of 17:39, 10 October 2010
609 bytes added
,
17:39, 10 October 2010
added example code to Block mac address
Line 56:
Line 56:
man iptables
man iptables
The template fragment needs to be placed in the right order, so that other rules do not negate the rule eg
The template fragment needs to be placed in the right order, so that other rules do not negate the rule eg
−
10blockIP
+
20blockIP
+
+
Example:
+
To block access based on the mac address of the NIC of the wokstation (not on IP)
+
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
+
pico -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/20Blockmac
+
Add the following code to the fragment and save
+
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
+
(Replace XX.XX.XX.XX.XX.XX with actual mac address)
+
+
expand-template /etc/rc.d/init.d/masq
+
/etc/init.d/masq restart
+
+
Check that blocking works as expected
+
+
To see the iptables that are in effect on your server, issue the command
+
iptables --list
+
or
+
iptables -L
====Block outgoing ports====
====Block outgoing ports====
RayMitchell
624
edits
Navigation menu
Personal tools
Log in
Namespaces
Page
Discussion
Variants
Views
Read
View source
View history
More
Search
Koozali SME Server
Main Page
Welcome
Releases
Testimonials
Documentation
SME Server FAQ
Volunteering
Commercial Support
Recent activities
Dashboard
Recent wiki changes
Recent bug changes
Unread Forum posts
Koozali resources
Contribs
How-To's
Forums
Bugzilla
Mailing Lists
Translations
Download
Koozali SME Server wiki
Wiki statistics
Wiki categories
Wiki Help
Koozali Wiki Help
Tools
Special pages
Printable version