[plug] blocking user from accessing the Internet

Adam Hewitt ahewitt at skybridge.com.au
Fri Aug 31 16:10:47 WST 2007



> -----Original Message-----
> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
> Behalf Of Matt Kemner
> Sent: Friday, 31 August 2007 3:04 PM
> To: plug at plug.org.au
> Subject: Re: [plug] blocking user from accessing the Internet
> 
> Hi Jon
> 
> On Fri, 31 Aug 2007, quoth Jon Miller:
> 
> > Client wishes to have a certain user from accessing the Internet.  We use
> > iptables, I used the following and still they can access the Internet what
> > have I not done?
> 
> > Iptables - A INPUT -s 192.168.1.69 -p tcp all -j DROP (I also tried REJECT)
> > neither worked.
> 
> You will no doubt get several responses to this, but...
> 
> use FORWARD instead of INPUT
> 
> INPUT and OUTPUT only affect traffic directly flowing in and out of the
> firewall server itself.  FORWARD affects all traffic flowing through it.
> 
> Also (and this is probably a typo only in this email) you have a space
> between "-" and "A" that should not be there
> 
> ie "iptables -A" not "iptables - A"
> 
<SNIP>

Another thing to note is that the -A means append the rule to the end of the
chain, so if you have another rule above it that is allowing it through then
it will never hit this rule at all.

Adam.
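
Added example, not part of the original thread: a small Python model of first-match rule evaluation, showing why a DROP in INPUT and a DROP appended to FORWARD both leave 192.168.1.69 forwarded, while an insert at position 1 blocks it. The pre-existing LAN-wide ACCEPT rule, the ACCEPT chain policy and the helper names are assumptions; only source-address matching is modelled.

```python
import ipaddress
import shlex

# Constructed (assumed) existing ruleset: the gateway already forwards the LAN.
BASE = ["iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT"]
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def apply(chains, command):
    """Apply one 'iptables -A CHAIN ...' or 'iptables -I CHAIN [n] ...' command."""
    args = shlex.split(command)
    if args[0] == "iptables":
        args = args[1:]
    op, chain, rest = args[0], args[1], args[2:]
    pos = 1                                   # -I defaults to the top of the chain
    if op == "-I" and rest and rest[0].isdigit():
        pos, rest = int(rest[0]), rest[1:]
    opts = dict(zip(rest[0::2], rest[1::2]))  # simple "-flag value" pairs only
    rule = (ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")), opts["-j"], command)
    rules = chains.setdefault(chain, [])
    if op == "-A":
        rules.append(rule)                    # append: evaluated last
    elif op == "-I":
        rules.insert(pos - 1, rule)           # insert: evaluated at position n
    else:
        raise ValueError("only -A and -I are modelled")

def build(*commands):
    """Return the chains after applying BASE followed by the given commands."""
    chains = {}
    for command in BASE + list(commands):
        apply(chains, command)
    return chains

def verdict(chains, chain, src, policy="ACCEPT"):
    """First rule whose source matches wins; otherwise the (assumed) chain policy."""
    addr = ipaddress.ip_address(src)
    for net, target, text in chains.get(chain, []):
        if addr in net and target in TERMINAL:
            return target, text
    return policy, "(chain policy)"

if __name__ == "__main__":
    # Traffic from a LAN client to the Internet traverses FORWARD on the gateway.
    for cmd in ("iptables -A INPUT -s 192.168.1.69 -j DROP",
                "iptables -A FORWARD -s 192.168.1.69 -j DROP",
                "iptables -I FORWARD 1 -s 192.168.1.69 -j DROP"):
        print(cmd, "->", verdict(build(cmd), "FORWARD", "192.168.1.69"))
```

On a real gateway, `iptables -L FORWARD -n --line-numbers` shows the order that this model simulates.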



