Please help me block WWW to MASQ'ed IP's with IPTABLES
Ramin Alidousti
ramin@cannon.eng.us.uu.net
Mon, 28 Jan 2002 20:23:27 -0500
--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Mon, Jan 28, 2002 at 04:23:41PM -0800, brandon wrote:
...
>
> Thanks in advance
> Brandon Macmillan
>
> PS: Once I got over the 'shell shock' (bad joke) IPTABLES is great!!
Just to ease your pain with the 'shell shock', compile the attached .c
file and use:
EXTIP=`gi $EXTIF`
instead of the following command:
> EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
Ramin
--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="gi.c"
//
// short hack to grab interface information
// gcc -o gi gi.c; strip gi
//
// Blu3Viper, Jan 1999
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/*
 * Request number passed to ioctl() below to fetch the interface list.
 * The value is hard-coded here; on Linux the system header <sys/ioctl.h>
 * supplies the same constant, so this literal is Linux-specific.
 */
#define SIOCGIFCONF 0x8912 /* get iface list */
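/*
 * Print the IPv4 address of the local network interfaces, as returned by
 * the SIOCGIFCONF ioctl.
 *
 * With no argument: one "name address" line per interface.
 * With one argument: only the address of the interface whose name equals
 * argv[1].
 *
 * Exit status is 0 on success and 1 when the socket, the allocation or the
 * ioctl fails, or when the requested interface is not in the list. A script
 * that captures the output (EXTIP=`gi $EXTIF`) should check the exit status
 * and that the value is non-empty before building firewall rules from it.
 */
int main(int argc, char *argv[])
{
    /* note the numreqs here, modify that as is desired. */
    int numreqs = 30, sd, search, found = 0, rc = 1;
    size_t i, count;
    struct ifconf ifc;
    struct ifreq *ifr;

    //
    // if there is an arg on the command line, print out the ip of that device
    // only.
    search = (argc > 1);
    if (search && strlen(argv[1]) > 64) {
        /*
         * NOTE(review): this falls back to listing every interface, so a
         * caller capturing stdout receives the whole table instead of a
         * single address. Behaviour kept as in the original.
         */
        fprintf(stderr, "specified device name too large, ignoring\n");
        search = 0;
    }

    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0) {
        perror("socket");
        return rc;
    }

    /* calloc zero-fills the request buffer and checks the size product. */
    ifc.ifc_len = (int)(sizeof(struct ifreq) * (size_t)numreqs);
    ifc.ifc_buf = calloc((size_t)numreqs, sizeof(struct ifreq));
    if (ifc.ifc_buf == NULL) {
        perror("calloc");
        goto out_close;
    }

    /* On failure the buffer holds nothing usable: stop instead of printing it. */
    if (ioctl(sd, SIOCGIFCONF, &ifc) < 0) {
        perror("SIOCGIFCONF");
        goto out_free;
    }

    /* The ioctl rewrites ifc_len to the number of bytes it filled in. */
    count = (size_t)ifc.ifc_len / sizeof(struct ifreq);
    ifr = ifc.ifc_req;
    for (i = 0; i < count; i++) {
        const struct ifreq *cur = &ifr[i];
        char name[IFNAMSIZ + 1];
        struct sockaddr_in sin;

        /* Only an AF_INET sockaddr carries an IPv4 address in this layout. */
        if (cur->ifr_ifru.ifru_addr.sa_family != AF_INET)
            continue;

        /* Copy out rather than cast: avoids aliasing/alignment assumptions. */
        memcpy(&sin, &cur->ifr_ifru.ifru_addr, sizeof sin);

        /* The name field is a fixed-size array; force a terminator. */
        memcpy(name, cur->ifr_ifrn.ifrn_name, IFNAMSIZ);
        name[IFNAMSIZ] = '\0';

        if (!search) {
            fprintf(stdout, "%6s %-15s\n", name, inet_ntoa(sin.sin_addr));
        } else if (strcmp(name, argv[1]) == 0) {
            fprintf(stdout, "%s\n", inet_ntoa(sin.sin_addr));
            found = 1;
        }
    }

    /* Report a missing interface instead of exiting 0 with empty output. */
    if (search && !found) {
        fprintf(stderr, "%s: interface not found\n", argv[1]);
        goto out_free;
    }
    rc = 0;

out_free:
    free(ifc.ifc_buf);
out_close:
    close(sd);
    return rc;
}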
--jI8keyz6grp/JLjh--