[iptables] how to enable / disable access to internet?

[Ice-Heki]

Hi!

I have a small problems with iptables tool.

I know for command:

Code:

iptables -I FORWARD 1 -s 192.168.1.123 -j DROP

so, with this command I disable access to internet user which have IP 192.168.1.123.

But my question is - how can I enable access to only one IP addresses this user, which didn't have access to internet?
I want, that user with IP 192.168.1.123 can go to for example: 72.14.207.99?

Thx a lot!

[markharding557]

it would be simpler to use a gui configuration tool like guarddog/kmyfirewall(kde) or fire starter(gnome) for setting it up

[Ice-Heki]

Hm ... I can't use graphic user interface, because I have only SSH access to this computer (and my internet connection is dial-up), so I can only change this over command line.

Does anybody know command to add this exception on iptables list?

[Lazydog]

Since you only have SSH to this box I would look at the rule file, not sure where it is located on a Debian box, and decide where this rule best fits as to not over rule any other rules that should apply then insert it there.

If you are not sure how one allows packets to pass then you really should not be the person editing the rules.

[jledhead]

you can try apt-cache search iptables, there are a few tools that you can use, firehol looks promising. you could also use webmin to manage iptables.

but if you only have ssh (remote access) you might want to think about the physical access in case you lock yourself out. its fairly easy with iptables to lock your self out if you don't know what your doing.