Restriction on Bubba2

Postby adoup » 28 Jul 2011, 16:38

Hi,
I'm looking for a way to manage my users individually. I'd like to block a single user or IP from inside my network.
That is, block them from going to the internet.

Thanks!

Arno
adoup
 
Posts: 1
Joined: 28 Jul 2011, 16:34

Re: Restriction on Bubba2

Postby Ubi » 28 Jul 2011, 21:18

You cannot block a single user, but you can block an IP address from going outside.

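Code:
# FORWARD chain: traffic routed through the box to the internet passes here (INPUT only sees packets addressed to the router itself)
iptables -A FORWARD -s 192.168.0.X ! -d 192.168.0.0/24 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j REJECT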

would block www access of IP 192.168.0.X via the router, except for local traffic. At least that's what I think. There are a lot of iptables howtos on the web.

Entering this line is not persistent; it goes away upon reboot (so if you kill all network access, simply reboot). To make it permanent, add the line to /etc/rc.local.
Ubi
 
Posts: 1025
Joined: 17 Jul 2007, 15:01

Re: Restriction on Bubba2

Postby ryz » 29 Jul 2011, 14:03

Since Bubba by default saves all iptables rules on shutdown, I do believe that the settings will be persistent.
ryz
 
Posts: 163
Joined: 12 Feb 2009, 13:03

Re: Restriction on Bubba2

Postby Ubi » 29 Jul 2011, 21:58

Blummin flip, you're right! Not a very wise design decision in my opinion. But anyway, in case you get locked out by your own iptables mistake, I suppose you just need to yank the power cable and give it a hard down. This way it doesn't get the chance to run the iptables script.

Alternatively, you can edit /etc/init.d/bubba-firewall and comment out the line that says iptables-save, until you're sure it works.

Alternatively again, you can set a cron job that runs "/etc/init.d/bubba-firewall stop" every hour. That means you get locked out max 1 hour.
Ubi
 
Posts: 1025
Joined: 17 Jul 2007, 15:01
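
The thread raises two risks when blocking a client: a mistyped rule, and a rule that sticks because firewall state is saved at shutdown. The script below is an added example, not code from any poster or from the Bubba project; it validates the address and rolls the rule back unless confirmed. Assumptions: the LAN is 192.168.0.0/24 with the router at 192.168.0.1, the function names and the 120 s window are made up, and it blocks all routed traffic from the client rather than only port 80.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: LAN 192.168.0.0/24 with
# the router at 192.168.0.1; function names and the 120 s window are made up.
LAN_PREFIX="192.168.0"
LAN_NET="192.168.0.0/24"
ROUTER_IP="192.168.0.1"

# Succeeds only for a plain host address inside the LAN that is not the router,
# so a typo or extra words can never turn into a broader or different rule.
valid_lan_host() {
    case "$1" in
        "$LAN_PREFIX".*) ;;
        *) return 1 ;;
    esac
    last=${1#"$LAN_PREFIX".}
    case "$last" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ] || return 1
    [ "$1" != "$ROUTER_IP" ]
}

# Prints the rule spec: routed traffic from the client to any non-LAN address.
block_rule() {
    valid_lan_host "$1" || { echo "refusing: $1 is not a LAN client" >&2; return 1; }
    echo "FORWARD -s $1 ! -d $LAN_NET -j REJECT"
}

# Inserts the rule, then removes it again unless the admin confirms in time,
# so an unconfirmed rule is gone before a shutdown-time save could keep it.
apply_with_rollback() {
    rule=$(block_rule "$1") || return 1
    secs=${ROLLBACK_SECS:-120}
    # -I puts the rule first, so an earlier ACCEPT in FORWARD cannot shadow it.
    # $rule is left unquoted on purpose: it must split into separate arguments.
    iptables -I $rule || return 1
    ( sleep "$secs"; iptables -D $rule ) &
    timer=$!
    printf 'Blocked %s. Type "keep" within %s s to keep the rule: ' "$1" "$secs"
    read -r answer || answer=""
    if kill "$timer" 2>/dev/null && [ "$answer" = keep ]; then
        echo "rule kept"
    else
        iptables -D $rule 2>/dev/null; echo "rule removed"
    fi
}

# Usage (as root): sh block-client.sh 192.168.0.23
if [ -n "${1:-}" ]; then apply_with_rollback "$1"; fi
```

Run it from a session on the router; if the session stalls before "keep" is typed, the background timer deletes the rule on its own.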

