How to Block IM in IPCOP

19 years 2 weeks ago #9934 by DaLight
Ah, I see where your problem is, Pax. The Advanced Web proxy does not change any firewall rules and only controls access to the internet through Squid. This is why I wanted to have a look at your /etc/rc.d/rc.local file. The reason your access rules are not working is that Squid is being bypassed. You will need to add the following lines to your rc.local file. Note that the following commands block all direct access to the internet for your client PCs and force them to go through Squid, and this might break some programs that communicate directly with the internet, so test before use.

Add after the line containing "#!/bin/sh"
[code:1]
# Flush Custom Input Rules
/sbin/iptables -F CUSTOMINPUT
/sbin/iptables -F CUSTOMFORWARD

#allow full access for specific IPs
#allow 192.168.111.1
/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.111.1 -o $RED_DEV -j ACCEPT

#bar access for all other IPs
/sbin/iptables -A CUSTOMFORWARD -i $GREEN_DEV -s 192.168.0.0/16 -o $RED_DEV -j DROP
[/code:1]

The above rules simply block direct access for all clients, but make an exception for 192.168.111.1. Simply substitute the above network addresses with your own network-specific details.

After editing rc.local, you can run it by typing "/etc/rc.d/rc.local".
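
An added example, not part of the post above: a check that the CUSTOMFORWARD rules still do what the post intends, namely that a DROP from GREEN to RED exists and that every ACCEPT exception sits before the DROP that would otherwise swallow it. The function name `audit_customforward`, the interface names eth0/eth1 and the sample rules are assumptions made for illustration; the input is rule text in "-A CHAIN ..." form, as written in rc.local or as printed by `iptables -S CUSTOMFORWARD` on iptables versions that support `-S`.

```shell
# Added example (not from the original post). Audits CUSTOMFORWARD rules read
# from stdin in "-A CHAIN ..." form. $1 = GREEN interface, $2 = RED interface.
# Exit status 0 means a DROP rule is present and no ACCEPT is shadowed by it.
audit_customforward() {
    awk -v green="$1" -v red="$2" '
    function opt(name,   i) {            # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    function ip2int(ip,   o) {           # dotted quad to a number
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function covers(net, src,   n, s, size) {   # base address of src inside net?
        split(net, n, "/"); split(src, s, "/")
        size = 2 ^ (32 - (n[2] == "" ? 32 : n[2]))
        return int(ip2int(n[1]) / size) == int(ip2int(s[1]) / size)
    }
    $1 == "-A" && $2 == "CUSTOMFORWARD" && opt("-i") == green && opt("-o") == red {
        src = opt("-s"); target = opt("-j")
        if (src == "") src = "0.0.0.0/0"        # no -s means any source
        if (target == "DROP") { drops[++nd] = src; next }
        if (target != "ACCEPT") next
        for (d = 1; d <= nd; d++) if (covers(drops[d], src)) {
            print "SHADOWED: ACCEPT for " src " follows DROP " drops[d]
            bad = 1; next
        }
        print "EXCEPTION: " src " reaches the internet without Squid"
    }
    END {
        if (!nd) { print "MISSING: no DROP from " green " to " red; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the rules from the post with eth0/eth1 standing in for
# $GREEN_DEV/$RED_DEV (the interface names are assumptions).
SAMPLE_RULES='-A CUSTOMFORWARD -i eth0 -s 192.168.111.1 -o eth1 -j ACCEPT
-A CUSTOMFORWARD -i eth0 -s 192.168.0.0/16 -o eth1 -j DROP'
printf '%s\n' "$SAMPLE_RULES" | audit_customforward eth0 eth1
```

Each EXCEPTION line is a client that can still bypass Squid, so the list should contain only the addresses deliberately exempted.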