forbidden user proxy other

Jörg Harmuth harmuth at mnemon.de
Tue Aug 2 10:14:12 CEST 2005


bend chen schrieb:
> Hi, netfilter,
> 
> 	I manage some PCs; some can use my netfilter box to access the Internet, others can't access the Internet.
> But I find some PCs have installed a proxy program (wingate\ccproxy...) to proxy some users' PCs' Internet access.
> How can I set my firewall to forbid users from using a proxy program?

If I understand correctly, you want to allow proxy access for some users
and other users are forbidden to use the proxy. If so, what about this:

Structure your network, put allowed users in one network segment and
forbidden users in a different segment. Then the following rules should
get you started.

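# Default policy: drop anything not explicitly allowed
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Allow loopback and replies to established connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED \
   -j ACCEPT
# Only the allowed segment may reach the proxy port
# (--dport requires a protocol match, hence -p tcp)
iptables -A INPUT -p tcp -s $ALLOWED_SEGMENT/$NETMASK \
   --dport $PROXY_PORT -j ACCEPT
# [Some other rules you need]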

Finally I would like to suggest reading "man iptables" and this
excellent tutorial by Oskar Andreasson:

http://iptables-tutorial.frozentux.net/chunkyhtml/index.html

Good luck,

Joerg



