Changes

Added section on blocking outgoing traffic/ports
Line 186: Line 186:  
  /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
 
  /sbin/e-smith/expand-template /etc/rc.d/init.d/masq
 
  /etc/init.d/masq restart
 
  /etc/init.d/masq restart
 +
 +
 +
 +
*I want to block outgoing traffic from my server.
 +
These commands are based on
 +
http://bugs.contribs.org/show_bug.cgi?id=2977
 +
 +
Please check for the latest attachments (custom template fragments) to this bug.
 +
 +
At present, traffic is only blocked if it originates on the primary local
 +
network.
 +
No processing is performed on traffic addressed to the LAN IP, WAN IP or
 +
loopback address of the SME.
 +
 +
 +
Download custom templates and configure ports with db command
 +
 +
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
 +
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
 +
wget -O 91adjustPortBlocks http://bugs.contribs.org/attachment.cgi?id=1395
 +
wget -O 42SetupPortBlocks http://bugs.contribs.org/attachment.cgi?id=1389
 +
 +
Create desired db entries to suit the ports & protocols you want to block
 +
config setprop masq TCPBlocks address:port
 +
config setprop masq UDPBlocks address:port
 +
 +
eg to block all outbound traffic except that passed by the smtp & httpd proxies
 +
config setprop masq TCPBlocks 0.0.0.0/0:1-65535
 +
config setprop masq UDPBlocks 0.0.0.0/0:1-65535
 +
 +
eg to leave open some ports ie 222 & 2000-2010, block in ranges
 +
config setprop masq TCPBlocks 0.0.0.0/0:1-221,0.0.0.0/0:223-1999,0.0.0.0/0:2011-65535
 +
 +
Update the config changes and restart masq
 +
signal-event remoteaccess-update
 +
/etc/init.d/masq restart
 +
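Review bot: The two wget lines fetch template fragments over plain HTTP from bug-tracker attachments and drop them straight into templates-custom for /etc/rc.d/init.d/masq, so whatever those URLs return becomes part of the firewall init script the next time it is expanded and restarted as root. Add a step to read 91adjustPortBlocks and 42SetupPortBlocks before running signal-event, and either publish a checksum for the attachments or paste the fragments into the page. The attachment ids 1395 and 1389 are also pinned while the text says to check the bug for the latest attachments, so say which takes precedence. Separately, the heading says "block outgoing traffic from my server", but the caveat below it states that only traffic originating on the primary local network is blocked and that traffic addressed to the SME itself is not processed; reword the heading so readers do not assume the server's own outbound connections are filtered. The section also needs a line on how to confirm the rules are active after the restart and how to remove the TCPBlocks/UDPBlocks properties again, since the 0.0.0.0/0:1-65535 example cuts off every LAN client that is not going through the proxies.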
     