
Blocking all access to internet

17 years 3 months ago #22880 by ohno
I'd found this useful iptables on this forum. So I changed it a little bit to suit the need, like this:
[code:1]
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD

#allow full access for specific IPs

#/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.2.3 -o $RED_DEV -j ACCEPT
#/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.2.4 -o $RED_DEV -j ACCEPT

#bar access for all other IPs
/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 0/0 -o $RED_DEV -j DROP
[/code:1]
When I ran the iptables by typing /etc/rc.d/rc.local, some error occurred. Which is: it can't recognize the "-s" argument.

So, I changed all $GREEN_DEV to eth0 and $RED_DEV to eth1. It executed successfully with no errors. But all other users can still access the internet, i.e. they can still do instant messaging, etc.

Can this code block such attempts?

Thanks in advance

P.S.: I'd this code at the end of the rc.local file for the openvpn
[code:1]
echo "Starting openvpn (if enabled)"
/usr/local/bin/openvpnctrl --start-daemon-only
[/code:1]
17 years 3 months ago #22897 by DaLight
That's because you've probably got a proxy server through which the users can still access the internet. You will either need to disable it (the proxy server) or apply some access control. Note that instant messaging applications will usually default to using port 80 if their regular access port is blocked.
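
Added example, not part of either post: a dry-run generator for the rule set discussed in this thread. It refuses to build rules when an interface variable is empty (an empty $GREEN_DEV leaves "-i" with no value in front of "-s") and adds CUSTOMINPUT rules for the proxy, because requests addressed to a proxy on the firewall itself are not routed and so never reach CUSTOMFORWARD. Assumptions: `emit_rules` and its port argument are hypothetical names, 3128 is a constructed sample port, and CUSTOMINPUT is assumed to be traversed before any rule that accepts proxy traffic.

```shell
#!/bin/sh
# Added example (not from the thread). It prints the iptables commands
# instead of running them, so the rule set can be reviewed without root.

emit_rules() {
    # usage: emit_rules GREEN_DEV RED_DEV PROXY_PORT [allowed_ip ...]
    local green="$1" red="$2" port="$3"
    # An empty interface name turns "-i $GREEN_DEV -s ..." into "-i -s ...",
    # which iptables rejects. Generate nothing rather than a partial rule set.
    if [ -z "$green" ] || [ -z "$red" ] || [ -z "$port" ]; then
        echo "emit_rules: interface or port not set, no rules generated" >&2
        return 1
    fi
    shift 3
    echo "/sbin/iptables -F CUSTOMINPUT"
    echo "/sbin/iptables -F CUSTOMFORWARD"
    local ip
    for ip in "$@"; do
        # Routed traffic from an allowed host (FORWARD path).
        echo "/sbin/iptables -A CUSTOMFORWARD -i $green -s $ip -o $red -j ACCEPT"
        # Traffic from an allowed host to the local proxy (INPUT path).
        echo "/sbin/iptables -A CUSTOMINPUT -i $green -s $ip -p tcp --dport $port -j ACCEPT"
    done
    # Everyone else: no routed access and no access to the local proxy.
    echo "/sbin/iptables -A CUSTOMFORWARD -i $green -s 0/0 -o $red -j DROP"
    echo "/sbin/iptables -A CUSTOMINPUT -i $green -p tcp --dport $port -j DROP"
}

# Constructed sample call: interface names and IPs as in the first post,
# 3128 as a placeholder for the port the proxy actually listens on.
emit_rules eth0 eth1 3128 192.168.2.3 192.168.2.4
```

After applying the generated commands, `iptables -L CUSTOMINPUT -v -n` and `iptables -L CUSTOMFORWARD -v -n` show per-rule packet counters, which confirm which chain a blocked client's traffic is actually hitting.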