Quote:
# Block IPs from accessing the internet
$IPT -A FORWARD -i eth1 -s ! 192.168.35.20 -j REJECT
The above: will this only block the IP 192.168.35.20? But where do I ADD the IPs I want to ALLOW?
The above rule will block all traffic except traffic originating from 192.168.35.20.
-s ! 192.168.35.20 means the source IP is not 192.168.35.20.
Quote:
Allow, let's say, 192.168.35.10 and 192.168.35.11. How would the firewall for that look? I can just later ADD all the IPs I want to allow?
You can either keep adding the rules like
$IPT -A FORWARD -i eth1 -s ! 192.168.35.10 -j REJECT
$IPT -A FORWARD -i eth1 -s ! 192.168.35.11 -j REJECT
$IPT -A FORWARD -i eth1 -s ! 192.168.35.21 -j REJECT
OR
take it a step further and create a new chain as in
http://www.linuxquestions.org/questi...615#post990615
That is,
$IPT -N privileged
$IPT -A privileged -s 192.168.35.20 -j RETURN
$IPT -A privileged -s 192.168.35.11 -j RETURN
$IPT -A privileged -s 192.168.35.10 -j RETURN
$IPT -A privileged ... and so on
$IPT -A privileged -j REJECT
and
$IPT -A FORWARD -i eth1 -j privileged
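
Added example, not part of the original post: a small Python model of iptables' first-match rule traversal, run over the two rule sets shown above to check which source addresses each one lets through. It assumes every packet arrives on eth1 and that the FORWARD policy is ACCEPT (the post does not state it); the tuple format and function names are made up for the model.

```python
from ipaddress import ip_address

# Rule = (source, negated, target); source None matches any packet.
# Option 1 from the post: one negated REJECT rule per address.
STACKED = {
    "FORWARD": [
        ("192.168.35.10", True, "REJECT"),
        ("192.168.35.11", True, "REJECT"),
        ("192.168.35.21", True, "REJECT"),
    ],
}
# Option 2 from the post: a "privileged" chain that RETURNs for listed hosts.
CHAINED = {
    "FORWARD": [(None, False, "privileged")],
    "privileged": [
        ("192.168.35.20", False, "RETURN"),
        ("192.168.35.11", False, "RETURN"),
        ("192.168.35.10", False, "RETURN"),
        (None, False, "REJECT"),
    ],
}

def matches(rule, src):
    """True when the rule's source test (-s addr, or -s ! addr) matches src."""
    source, negated, _ = rule
    if source is None:
        return True
    return (ip_address(src) == ip_address(source)) != negated

def walk(ruleset, chain, src):
    """Walk one chain top to bottom; the first matching rule decides."""
    for rule in ruleset[chain]:
        if not matches(rule, src):
            continue
        target = rule[2]
        if target in ("ACCEPT", "REJECT", "RETURN"):
            return target
        result = walk(ruleset, target, src)  # jump to a user-defined chain
        if result != "RETURN":
            return result                    # terminating verdict from the sub-chain
    return "RETURN"                          # end of chain: back to the caller

def verdict(ruleset, src, policy="ACCEPT"):
    """Final fate of a packet from src; policy is the assumed FORWARD policy."""
    result = walk(ruleset, "FORWARD", src)
    return policy if result == "RETURN" else result
```

In this model the stacked negated rules reject every source, because any address differs from at least one of the listed ones and so matches one of the REJECT rules; the privileged chain passes only the listed addresses.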