Blocking a port for ip in my lan and allow it for others

[sapanda]

Hello all,
I want a situation where i want to restrict one pc in my lan not to browse the internet, to block http, https ports for that computer and allow other ports.

The lan ip i want to block its ip is 192.168.0.203, i dont want this ip to access http, https ports but can do other things. I want an iptables script or comman to use to achieve this.

Thanks your help will be apprieciated

[Lazydog]

Take a look at this TUTORIAL

[syd05]

Hi,

Assuming you are using iptables on the system on which to want to block outbound access to HTTP and HTTPS

iptables -I OUTPUT 1 -p tcp -m multiport --dport 80,443 -j DROP
iptables -I OUTPUT 2 -p tcp -j ACCEPT

The first rule blocks outbound traffic to port 80,443 while allowing traffic to other ports. If you are using RHEL, Fedora, CentOS you'll need to add the above lines except for the word iptables to the /etc/sysconfig/iptables file for it to be effective on subsequent reboots.

If you are configuring iptables on a another system through which traffic is routed to the internet, then the above rules change to

iptables -I FORWARD 1 -s 192.168.1.203/24 -p tcp -m multiport --dport 80,443 -j DROP
iptables -I FORWARD 2 -s 192.168.1.203/24 -p tcp -j ACCEPT

URL mentioned in the previous post would anyways give you detailed info.

-- Syd