
Restriction on Bubba2

Posted: 28 Jul 2011, 10:38
by adoup
Hi,
I'm looking for a way to manage my users individually. I'd like to block a single user or IP inside my network, and thus block them from going to the internet.

Thanks!

Arno

Re: Restriction on Bubba2

Posted: 28 Jul 2011, 15:18
by Ubi
You cannot block a single user, but you can block an IP address from going to outside.

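Code:

# Traffic routed through the box traverses the FORWARD chain (INPUT only sees packets addressed to the router itself)
iptables -A FORWARD -s 192.168.0.X ! -d 192.168.0.0/24 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j REJECT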
would block www access of IP 192.168.0.X via the router, except for local traffic. At least that's what I think. There are a lot of iptables howtos on the web.

Entering this line is not persistent; it goes away upon reboot (so if you kill all network access, simply reboot). To make it permanent, add the line to /etc/rc.local

Re: Restriction on Bubba2

Posted: 29 Jul 2011, 08:03
by ryz
Since Bubba by default saves all iptables rules on shutdown, I do believe that the settings will be persistent.

Re: Restriction on Bubba2

Posted: 29 Jul 2011, 15:58
by Ubi
Blummin flip, you're right! Not a very wise design decision in my opinion. But anyway, in case you get locked out by your own iptables mistake, I suppose you just need to yank the power cable and give it a hard down. This way it doesn't get the chance to run the iptables script.

Alternatively, you can edit /etc/init.d/bubba-firewall and comment out the line that says iptables-save, until you're sure it works.

Alternatively again, you can set a cron job that runs "/etc/init.d/bubba-firewall stop" every hour. That means you get locked out max 1 hour.
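
The lockout concern discussed in this thread, as an added example that is not part of any poster's message: a shell script that inserts a per-host web block in the FORWARD chain and restores the previous ruleset unless the change is confirmed. The LAN range 192.168.0.0/24, the 60-second window and the script name block-host.sh are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-host web block with a timed rollback,
# so a bad rule is undone before it can lock you out or be saved at shutdown.
LAN_CIDR="192.168.0.0/24"   # assumption: the LAN range used in the thread
TIMEOUT=60                  # assumption: seconds allowed to confirm the rule

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule spec: reject HTTP that one host sends through the router to
# non-LAN addresses. Routed traffic traverses FORWARD, not INPUT.
block_rule() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    echo "FORWARD -s $1 ! -d $LAN_CIDR -p tcp --dport 80 -j REJECT"
}

# Insert the rule, then restore the previous ruleset unless "keep" is typed.
apply_with_rollback() {
    rule=$(block_rule "$1") || return 1
    backup=$(mktemp) || return 1
    iptables-save > "$backup"
    # The timer runs in the background so it still fires if this session hangs.
    ( trap '' HUP; sleep "$TIMEOUT"; iptables-restore < "$backup" ) &
    timer=$!
    # -I puts the rule ahead of existing ACCEPT rules; $rule is split on purpose.
    iptables -I $rule
    printf 'Rule active. Type "keep" within %s seconds: ' "$TIMEOUT"
    read -r answer || answer=""
    if [ "$answer" = "keep" ] && kill "$timer" 2>/dev/null; then
        echo "Rule kept."
    else
        kill "$timer" 2>/dev/null || true
        iptables-restore < "$backup"
        echo "Rolled back."
    fi
    rm -f "$backup"
}

# Usage (as root): sh block-host.sh apply 192.168.0.42
if [ "${1:-}" = "apply" ]; then apply_with_rollback "${2:-}"; fi
```

Run without arguments, the script only defines its functions and changes nothing.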