From: Mike Jones on 14 Jun 2010 12:14

How do I set up a stateful filter for a client machine?

ATM I can restrict things to the local network, but as traffic is all local network to the client until the router box masquerades it, the client can still reach through the router box and out to the web, and the reverse is true also.

I'm looking for a method for the /client/ to be able to temporarily restrict its own traffic just to the router box and no further, via IPtables.

Example: (Where CNET="192.168.0.0-255")

$IPT -A INPUT -i $NIC_LAN \
    -m iprange --src-range $CNET \
    -p tcp -m multiport --ports $PORTS_LAN \
    -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPT -A OUTPUT -o $NIC_LAN \
    -m iprange --dst-range $CNET \
    -p tcp -m multiport --ports $PORTS_LAN \
    -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

....still does internet via the router forwarding. Bah!

Clues?

XP alt.os.linux.slackware,alt.os.linux
FU alt.os.linux

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
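An added example, not part of the original post: a packet bound for the internet carries the remote host's address as its IP destination (the router is only the next hop), and ACCEPT rules restrict nothing unless everything else is dropped, so the sketch below sets the chain policies to DROP and accepts only the LAN range. The function names, `eth0` and `192.168.0.0/24` are assumptions; it allows all protocols to that range, and the post's `-p tcp -m multiport` match can be added to the two ACCEPT rules.

```shell
#!/bin/sh
# Added example (not from the original post). Emits iptables-restore input
# that confines this host to one destination range.
# Hypothetical names: lan_only_ruleset, open_ruleset.

# lan_only_ruleset NIC DEST
#   NIC  - LAN interface, e.g. eth0 (assumed)
#   DEST - LAN in CIDR form (192.168.0.0/24) or the router's single address
lan_only_ruleset() {
    nic=$1 dest=$2
    # Reject anything that is not a plain interface name / dotted address,
    # so nothing unexpected ends up in the rule set.
    case $nic in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $nic" >&2; return 1 ;; esac
    case $dest in ''|*[!0-9./]*) echo "bad destination: $dest" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i $nic -s $dest -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $nic -d $dest -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# open_ruleset: flushes the filter table and sets the policies back to
# ACCEPT, to lift the temporary restriction.
open_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Usage (as root; iptables-restore replaces the current filter table):
#   lan_only_ruleset eth0 192.168.0.0/24 | iptables-restore
#   open_ruleset | iptables-restore
```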