Results 1 to 3 of 3
Hello all, I want a situation where i want to restrict one pc in my lan not to browse the internet, to block http, https ports for that computer and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 07-24-2009 #1
- Join Date
- Dec 2006
Blocking a port for ip in my lan and allow it for others
I want a situation where i want to restrict one pc in my lan not to browse the internet, to block http, https ports for that computer and allow other ports.
The lan ip i want to block its ip is 192.168.0.203, i dont want this ip to access http, https ports but can do other things. I want an iptables script or comman to use to achieve this.
Thanks your help will be apprieciated
- 07-25-2009 #2
- 08-24-2009 #3
- Join Date
- Aug 2009
- Mumbai, India
Assuming you are using iptables on the system on which to want to block outbound access to HTTP and HTTPS
iptables -I OUTPUT 1 -p tcp -m multiport --dport 80,443 -j DROP
iptables -I OUTPUT 2 -p tcp -j ACCEPT
The first rule blocks outbound traffic to port 80,443 while allowing traffic to other ports. If you are using RHEL, Fedora, CentOS you'll need to add the above lines except for the word iptables to the /etc/sysconfig/iptables file for it to be effective on subsequent reboots.
If you are configuring iptables on a another system through which traffic is routed to the internet, then the above rules change to
iptables -I FORWARD 1 -s 192.168.1.203/24 -p tcp -m multiport --dport 80,443 -j DROP
iptables -I FORWARD 2 -s 192.168.1.203/24 -p tcp -j ACCEPT
URL mentioned in the previous post would anyways give you detailed info.