#1
May 14th, 2003, 12:32 PM
Galewind
Using iptables to block address inside my network?

I've checked all the iptables tutorials I could find, but I still can't get my head around this. I want to call a cron job to block a specific host in my internal network from getting through my firewall out to the internet. Then another cron job to allow access to that host again. Can anyone help me figure this out?

Galewind

#2
May 14th, 2003, 12:56 PM
GNUbie
For clarification: you want a host node to only have access outside the network during a certain period of the day, correct?

#3
May 14th, 2003, 02:04 PM
Galewind
Quote:
Originally posted by GNUbie
For clarification: you want a host node to only have access outside the network during a certain period of the day, correct?

No, I want to block a host node to only have access *inside* the network during a certain period of the day... or no access at all, if that's necessary.

Galewind

#4
May 15th, 2003, 01:02 PM
GNUbie
Ok, cool. What hours do you want that host to have access inside the network? And what are the network and subnet addresses?

#5
May 15th, 2003, 01:16 PM
Galewind
Quote:
Originally posted by GNUbie
Ok, cool. What hours do you want that host to have access inside the network? And what are the network and subnet addresses?

I'm not sure of the specific hours yet, I assumed I would just call a script from a cron job & I can handle setting that up. Network address is 192.168.1.0 & subnet is 255.255.255.0 . If you want the specific IP I want blocked, it's 192.168.1.6 .

Galewind

#6
May 15th, 2003, 03:17 PM
GNUbie
You're correct about the cron job. We'll just make up times for the example -- let's say between 4:15 AM and 4:45 AM it can access the network for an upgrade.



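Code:
#!/bin/sh
# allow.sh -- allows 192.168.1.6 to access the network
# -R (replace) needs a rule number; 1 assumes this host's rule is rule 1 in OUTPUT.

/sbin/iptables -R OUTPUT 1 -s 192.168.1.6 -d 192.168.1.0/24 -j ACCEPT

Code:
#!/bin/sh
# deny.sh -- denies 192.168.1.6 to access the network
# -R (replace) needs a rule number; 1 assumes this host's rule is rule 1 in OUTPUT.

/sbin/iptables -R OUTPUT 1 -s 192.168.1.6 -d 0/0 -j DROP

Code:
# crontab (system crontab format, with a user field)
15 4 * * * root /path/to/allow.sh
45 4 * * * root /path/to/deny.sh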




[edit]: Don't forget to chmod +x the shell scripts.
And http://www.netfilter.org/documentat...ng-HOWTO-7.html

Last edited by GNUbie : May 15th, 2003 at 03:20 PM.
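
An idempotent block/unblock script for a routing gateway, as an added example that is not part of the thread. It assumes an iptables build that supports -C (--check); the script name hostgate.sh and its function names are hypothetical. It works on the FORWARD chain, which routed packets traverse; traffic between hosts on the same subnet never reaches that chain, so the host keeps its access inside the network.

```shell
#!/bin/sh
# hostgate.sh -- added example, not from the thread (name is hypothetical).
# Run on the gateway, e.g. from /etc/crontab:
#   45 4 * * * root /path/to/hostgate.sh block 192.168.1.6
#   15 4 * * * root /path/to/hostgate.sh unblock 192.168.1.6

IPTABLES="${IPTABLES:-/sbin/iptables}"   # overridable for dry runs

# Accept only a dotted-quad IPv4 address so nothing else reaches iptables.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
}

# Drop everything the gateway would route on behalf of the host.
block_host() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    # -C tests for the rule first, so repeated cron runs never stack duplicates.
    "$IPTABLES" -C FORWARD -s "$1" -j DROP 2>/dev/null && return 0
    # Insert at position 1 so the DROP is evaluated before any ACCEPT rule.
    "$IPTABLES" -I FORWARD 1 -s "$1" -j DROP
}

# Remove every copy of the rule; -D deletes one matching rule per call.
unblock_host() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    while "$IPTABLES" -C FORWARD -s "$1" -j DROP 2>/dev/null; do
        "$IPTABLES" -D FORWARD -s "$1" -j DROP || return 1
    done
}

if [ $# -gt 0 ]; then
    case "$1" in
        block)   block_host "${2:-}" ;;
        unblock) unblock_host "${2:-}" ;;
        *)       echo "usage: $0 block|unblock <ipv4>" >&2; exit 64 ;;
    esac
fi
```

Rules added this way live only in the running kernel, so a reboot during the blocked window clears the block until the next cron run.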

#7
May 15th, 2003, 03:21 PM
Galewind
Thanks GNUbie, I'll try that tonight.
