Re: [SLUG] Linux Networking with IPTABLES

From: Paul Aitken (paitken1@tampabay.rr.com)
Date: Fri Apr 18 2003 - 17:40:24 EDT

Next message: Mike Manchester: "Re: [SLUG] diff question"
Previous message: Paul Aitken: "Re: [SLUG] Linux Networking with IPTABLES"
In reply to: Derek Glidden: "Re: [SLUG] Linux Networking with IPTABLES"
Next in thread: Paul M Foster: "Re: [SLUG] Linux Networking with IPTABLES"
Reply: Paul M Foster: "Re: [SLUG] Linux Networking with IPTABLES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I will test this later.. You seem to be the only one who understands what I
was talking about.
----- Original Message -----
From: "Derek Glidden" <dglidden@illusionary.com>
To: <slug@nks.net>
Sent: Friday, April 18, 2003 2:04 PM
Subject: Re: [SLUG] Linux Networking with IPTABLES

> On Fri, 2003-04-18 at 12:31, Paul Aitken wrote:
> > Hey,
> >
> > I was a little tired when I typed that. Let me rephrase it a little.
> > This is what I want to happen:
> > I want my computer (192.168.1.2) to have internet using the router. I
don't
> > want any other computers on the internal network to have internet,
except
> > for the linux router.
> >
> > I am wanting to block all connections, outgoing and incoming.
>
> This is off the top of my head, but I think this will work:
>
>
> # flush any existing rules
> iptables -F
> iptables -t nat -F
>
> # masquerade anything outbound
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> # allow only traffic for 192.168.1.2 in and out, log and drop all else
> iptables -A FORWARD -d 192.168.1.2 -j ACCEPT
> iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
> iptables -A FORWARD -j LOG --log-prefix "DROP FORWARD: "
> iptables -A FORWARD -j DROP
>
> # enable routing
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> of course, the firewall itself will be able to get out unless you put an
> appropriate DROP rule in the OUTPUT table.
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> #!/usr/bin/perl -w
> $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
> {$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
> $t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
> [$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
> "",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
> unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
> >>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
> 8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
> print+x"C*",@a}';s/x/pack+/g;eval
>
> usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
> | extract_mpeg2 | mpeg2dec -
>
> http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
> http://www.eff.org/ http://www.anti-dmca.org/
>

Next message: Mike Manchester: "Re: [SLUG] diff question"
Previous message: Paul Aitken: "Re: [SLUG] Linux Networking with IPTABLES"
In reply to: Derek Glidden: "Re: [SLUG] Linux Networking with IPTABLES"
Next in thread: Paul M Foster: "Re: [SLUG] Linux Networking with IPTABLES"
Reply: Paul M Foster: "Re: [SLUG] Linux Networking with IPTABLES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:13:11 EDT