
Restriction on Bubba2

adoup
Posts: 1
Joined: 28 Jul 2011, 10:34

Restriction on Bubba2

Post by adoup »

Hi,
I'm looking for a way to manage my users individually. I'd like to block a single user or IP from inside my network, that is, block them from going to the internet.

Thanks!

Arno
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Restriction on Bubba2

Post by Ubi »

You cannot block a single user, but you can block an IP address from going outside.

# Traffic routed from the LAN to the internet traverses FORWARD, not INPUT
iptables -A FORWARD -s 192.168.0.X ! -d 192.168.0.0/24 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j REJECT
would block www access of IP 192.168.0.X via the router, except for local traffic. At least that's what I think. There are a lot of iptables howtos on the web.

Entering this line is not persistent; it goes away upon reboot (so if you kill all network access, simply reboot). To make it permanent, add the line to /etc/rc.local.
ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: Restriction on Bubba2

Post by ryz »

Since Bubba by default saves all iptables rules on shutdown, I do believe that the settings will be persistent.
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Re: Restriction on Bubba2

Post by Ubi »

Blummin flip, you're right! Not a very wise design decision in my opinion. But anyway, in case you get locked out by your own iptables mistake, I suppose you just need to yank the power cable and give it a hard down. This way it doesn't get the chance to run the iptables script.

Alternatively, you can edit /etc/init.d/bubba-firewall and comment out the line that says iptables-save, until you're sure it works.

Alternatively again, you can set a cron job that runs "/etc/init.d/bubba-firewall stop" every hour. That means you get locked out max 1 hour.
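
The lockout risk discussed above (a bad rule that Bubba then saves at shutdown) can also be handled by snapshotting the ruleset and restoring it automatically unless the change is confirmed. This is an added example, not part of any poster's reply or of Bubba's own scripts; `try_block`, `valid_ipv4`, the confirm-file path and the sample address are assumptions, and the rule goes into FORWARD because routed LAN-to-internet traffic passes through that chain.

```shell
#!/bin/sh
# Added example. try_block, valid_ipv4 and the confirm file are hypothetical names.
# IPT, IPT_SAVE and IPT_RESTORE can be overridden to exercise the logic without root.
IPT=${IPT:-iptables}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# try_block SRC LAN_CIDR PORT TIMEOUT CONFIRM_FILE
# Returns 0 if the rule was kept, 1 if it was rolled back, 2 on bad input,
# 3 if the snapshot or the rule could not be made.
try_block() {
    src=$1 lan=$2 port=$3 timeout=$4 confirm=$5
    valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 2; }
    snapshot=$(mktemp) || return 3
    # Keep a copy of the running ruleset before touching it.
    "$IPT_SAVE" > "$snapshot" || { rm -f "$snapshot"; return 3; }
    "$IPT" -I FORWARD -s "$src" ! -d "$lan" -p tcp --dport "$port" -j REJECT ||
        { rm -f "$snapshot"; return 3; }
    # The admin confirms from a session that still works by creating CONFIRM_FILE.
    while [ "$timeout" -gt 0 ]; do
        if [ -e "$confirm" ]; then rm -f "$snapshot"; return 0; fi
        sleep 1
        timeout=$((timeout - 1))
    done
    "$IPT_RESTORE" < "$snapshot"   # no confirmation: put the old ruleset back
    rm -f "$snapshot"
    return 1
}

# Usage (as root, constructed values): try_block 192.168.0.23 192.168.0.0/24 80 60 /tmp/rule-ok
```

If the confirm file is not created before the timeout, the saved ruleset is restored, so a later shutdown saves the old rules rather than the broken ones.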