zen_guerrilla Guru
Joined: 18 Apr 2002 Posts: 343 Location: Greece
Posted: Sat Nov 09, 2002 4:05 pm    Post subject: Filtering specific hosts on a local network w/ iptables?
Hello world,
our office's 13 systems are part of a bigger network (i.e. 192.168.0.0) and all -except one- are behind this domain's firewall, so I'm protected from the "internet". However I want to also be protected from the other PCs on that net (yes, you can call me paranoid). So I would like to create an IP list or something, i.e. LIST="192.168.0.2 192.168.0.50 192.168.0.100 ..." and then have a script like:
```sh
iptables -A INPUT -s localhost -j ACCEPT
iptables -A INPUT -s ! $LIST -j DROP
```
Since I'm not currently at the office I can't try that myself or RTFM the iptables manpages (I'm not quite the iptables wizard either). Does that script work? Or if it doesn't, how should I do that? And also how should I log things to, i.e., /var/log/firewall?
.:: zen ::.
Larde Guru
Joined: 07 Jun 2002 Posts: 313 Location: Duesseldorf, Germany
Posted: Sat Nov 09, 2002 4:13 pm
I think you would need a default policy to DROP and just allow from every single host you need in a loop, something like:
```sh
LIST="192.168.0.2 192.168.0.50 192.168.0.100..."
for HOST in $LIST; do iptables -A INPUT -s $HOST -j ACCEPT; done
```
How you log depends on what you want to log. What do you want to log?
Yours,
Larde.

_________________
Someday this will be my home... http://moonage.net/
I'll make you a deal
I'll say I came from Earth and my tongue is taped
zen_guerrilla Guru
Joined: 18 Apr 2002 Posts: 343 Location: Greece
Posted: Sat Nov 09, 2002 4:22 pm
Larde, thanks a lot for answering. I'll try it tomorrow. I want to log dropped packages.
.:: zen ::.
Larde Guru
Joined: 07 Jun 2002 Posts: 313 Location: Duesseldorf, Germany
Posted: Sun Nov 10, 2002 10:25 am
Ok, you want to log dropped packets. I am talking about the INPUT chain now, because we were working on it already.
If you have a default policy to DROP packets, logically every packet that didn't match after your ACCEPT rules would be dropped. Let's assume
```sh
LIST="192.168.0.2 192.168.0.50 192.168.0.100"
iptables -A INPUT -s localhost -j ACCEPT
for HOST in $LIST; do iptables -A INPUT -s $HOST -j ACCEPT; done
# [whatever ACCEPT rules you might add]
iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT # you probably want that too
```
Every packet not accepted yet would be dropped, so log every packet that's gone that far:
```sh
iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "INPUT denied: "
```
would log the dropped packets, but not more than 3 in a row of the same type, with "INPUT denied: " string attached to your syslog.
Hth,
Larde.
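The whole INPUT chain that Larde's two replies describe (accept loopback and the listed hosts, let established connections through, log what is left, drop by policy), written out as one script. This is an added example, not code from the thread or from the Gentoo project; the host list and the log prefix are constructed sample values, and the `ipt` wrapper, `apply_input_policy`, `count_rules` and the `DRY_RUN` variable are my own names. It uses `-i lo` for loopback where the thread uses `-s localhost`, adds the rate-limited LOG rule as the last rule in the chain, and sets the DROP policy only after the ESTABLISHED,RELATED rule is in place so that an existing admin session is not cut off between the flush and the accept rules.

```sh
#!/bin/sh
# Added example (not code from the thread): builds the INPUT chain described
# in Larde's replies. ALLOWED_HOSTS and LOG_PREFIX are constructed sample
# values. DRY_RUN defaults to 1, so the script only prints the iptables
# commands it would run; run it as root with DRY_RUN=0 to install the rules.

ALLOWED_HOSTS="192.168.0.2 192.168.0.50 192.168.0.100"   # sample list (constructed)
LOG_PREFIX="INPUT denied: "
DRY_RUN="${DRY_RUN:-1}"

# ipt: run an iptables command, or print it when DRY_RUN=1.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# apply_input_policy: flush INPUT, accept loopback, existing connections and
# the listed hosts, log everything that gets past those rules, then switch
# the chain policy to DROP.
apply_input_policy() {
    ipt -F INPUT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for host in $ALLOWED_HOSTS; do
        ipt -A INPUT -s "$host" -j ACCEPT
    done
    # Anything reaching this rule will be dropped by the policy below, so
    # log it here, rate-limited as in the thread (3 entries, then 3/minute).
    ipt -A INPUT -m limit --limit 3/minute --limit-burst 3 \
        -j LOG --log-prefix "$LOG_PREFIX"
    # Policy last: with a DROP policy set before the ESTABLISHED,RELATED
    # rule exists, a remote admin session would lose packets meanwhile.
    ipt -P INPUT DROP
}

# count_rules: number of iptables commands the policy issues (dry-run only).
count_rules() {
    ( DRY_RUN=1; apply_input_policy ) | wc -l | tr -d ' '
}

apply_input_policy
```

With the defaults this prints eight `iptables` lines in the order they would be applied; the LOG rule is the seventh and the policy change the eighth. The logged lines arrive through the kernel log facility with the configured prefix, so a syslog rule matching "INPUT denied:" is what routes them into a file such as the /var/log/firewall the first post asks about.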