Blocking port 80 for specific ip addresses
Joe Patterson
jpatterson@asgardgroup.com
Tue, 18 Dec 2001 11:41:37 -0500
Basically because you've got --dport 80 *and* --sport 80. It would take
work to make such a connection. Most will come from some ephemeral high
port. So take out the --sport 80 portion. The -d 0.0.0.0/0.0.0.0 is the
default, so you should be able to take it out also. The rule will look
like:
$IPT -A FORWARD -p tcp -s 192.168.100.1 --dport 80 -j DROP
Much shorter, and more effective.
-Joe
-----Original Message-----
From: netfilter-admin@lists.samba.org
[mailto:netfilter-admin@lists.samba.org] On Behalf Of William L. Childers
Sent: Tuesday, December 18, 2001 12:31 PM
To: netfilter@lists.samba.org
Subject: Blocking port 80 for specific ip addresses
All,
I have a dual-homed firewall with NATing turned on. I currently have
these rules in my script.
What would be the reason that the IP address would still be able to get
HTTP traffic?
#
#########################################################################
# HTTP
#
#########################################################################
$IPT -A FORWARD -p tcp -s 192.168.100.1 -d 0.0.0.0/0.0.0.0 --dport 80 --sport 80 -j DROP
Any assistance would be appreciated.
Thank you,
William L. Childers
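Joe's point above, as an added example that is not part of the list thread: a small POSIX sh model of how the original rule (with --sport 80) and the corrected rule (without it) match a handful of constructed TCP flows. The sample flows, the helper names match_rule and count_dropped, and the use of 192.168.100.1 as the client are assumptions for illustration, not captured traffic or code from either poster; only the last flow, a connection from source port 80 to destination port 80, is the kind of traffic the original rule could ever catch.

```shell
#!/bin/sh
# Added example, not from the list thread. Models the match logic of:
#   original:  -p tcp -s 192.168.100.1 -d 0.0.0.0/0 --dport 80 --sport 80 -j DROP
#   corrected: -p tcp -s 192.168.100.1 --dport 80 -j DROP
# against constructed TCP flows, to show why the --sport 80 clause makes
# the rule miss ordinary web traffic.

# match_rule RULE_SPORT SRC DST DPORT SPORT
#   RULE_SPORT: "" for no --sport clause, "80" to require --sport 80.
#   Returns 0 (match) or 1 (no match), like a netfilter rule test.
match_rule() {
    rule_sport=$1; src=$2; dst=$3; dport=$4; sport=$5
    [ "$src" = "192.168.100.1" ] || return 1   # -s 192.168.100.1
    # -d 0.0.0.0/0 is the default and matches every destination,
    # so $dst is deliberately not checked.
    [ "$dport" = "80" ] || return 1            # --dport 80
    if [ -n "$rule_sport" ]; then
        [ "$sport" = "$rule_sport" ] || return 1   # --sport 80
    fi
    return 0
}

# Constructed sample flows (assumption): "src dst dport sport", one per line.
# Flows 1 and 2 are normal browsing from an ephemeral port; flow 3 is HTTPS;
# flow 4 is a different client; flow 5 is the unusual 80 -> 80 connection.
SAMPLE_FLOWS='192.168.100.1 203.0.113.10 80 40123
192.168.100.1 198.51.100.7 80 51877
192.168.100.1 203.0.113.10 443 40124
192.168.100.2 203.0.113.10 80 35000
192.168.100.1 203.0.113.10 80 80'

# count_dropped RULE_SPORT -> number of sample flows the rule would DROP.
# A here-document is used instead of a pipe so the counter survives the loop.
count_dropped() {
    rule=$1
    n=0
    while read -r src dst dport sport; do
        if match_rule "$rule" "$src" "$dst" "$dport" "$sport"; then
            n=$((n + 1))
        fi
    done <<EOF
$SAMPLE_FLOWS
EOF
    echo "$n"
}

# corrected_rule prints the rule Joe recommends, with $IPT left to the caller's script.
corrected_rule() {
    echo '$IPT -A FORWARD -p tcp -s 192.168.100.1 --dport 80 -j DROP'
}

echo "flows dropped by original rule (--dport 80 --sport 80): $(count_dropped 80)"
echo "flows dropped by corrected rule (--dport 80 only):       $(count_dropped "")"
echo "corrected rule: $(corrected_rule)"
```

On the real firewall the equivalent check is the per-rule packet counter: `iptables -vnL FORWARD` shows whether the DROP rule is ever hit, and a counter that stays at zero while the client keeps browsing means the rule is matching on a tuple the traffic never has, as the --sport 80 clause does here.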