Line 186: |
Line 186: |
| /sbin/e-smith/expand-template /etc/rc.d/init.d/masq | | /sbin/e-smith/expand-template /etc/rc.d/init.d/masq |
| /etc/init.d/masq restart | | /etc/init.d/masq restart |
| + | |
| + | |
| + | |
| + | *I want to block outgoing traffic from my server. |
| + | These commands are based on |
| + | http://bugs.contribs.org/show_bug.cgi?id=2977 |
| + | |
| + | Please check for the latest attachments (custom template fragments) to this bug. |
| + | |
| + | At present, traffic is only blocked if it originates on the primary local |
| + | network. |
| + | No processing is performed on traffic addressed to the LAN IP, WAN IP or |
| + | loopback address of the SME. |
| + | |
| + | |
| + | Download custom templates and configure ports with db command |
| + | |
| + | mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq |
| + | cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq |
| + | wget -O 91adjustPortBlocks http://bugs.contribs.org/attachment.cgi?id=1395 |
| + | wget -O 42SetupPortBlocks http://bugs.contribs.org/attachment.cgi?id=1389 |
| + | |
| + | Create desired db entries to suit the ports & protocols you want to block |
| + | config setprop masq TCPBlocks address:port |
| + | config setprop masq UDPBlocks address:port |
| + | |
| + | eg to block all outbound traffic except that passed by the smtp & httpd proxies |
| + | config setprop masq TCPBlocks 0.0.0.0/0:1-65535 |
| + | config setprop masq UDPBlocks 0.0.0.0/0:1-65535 |
| + | |
| + | eg to leave open some ports ie 222 & 2000-2010, block in ranges |
| + | config setprop masq TCPBlocks 0.0.0.0/0:1-221,0.0.0.0/0:223-1999,0.0.0.0/0:2011-65535 |
| + | |
| + | Update the config changes and restart masq |
| + | signal-event remoteaccess-update |
| + | /etc/init.d/masq restart |
| + | |
| | | |
| | | |
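Review bot: The two wget lines download the template fragments over plain http from bug attachments straight into the custom template directory for the masq init script, and the instructions go on to `signal-event remoteaccess-update` and `/etc/init.d/masq restart` with no step to read what was fetched. Add a line asking the reader to inspect 91adjustPortBlocks and 42SetupPortBlocks before the update step, and quote the attachment URLs, since they contain `?`. The heading "I want to block outgoing traffic from my server" also disagrees with the scope note a few lines below it, which says traffic is only blocked if it originates on the primary local network. Reword the heading to match that scope. The "ports ie 222 & 2000-2010" example sets only TCPBlocks, so state whether UDP is meant to stay unfiltered in that case.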