[CentOS] restrict network access
Christopher Chan
christopher at ias.com.hk
Mon Oct 22 06:46:58 UTC 2007
umair shakil wrote:
> Salam,
>
> Squid (actually a proxy) will do the trick....
Nope. Not if they are installed on those PCs.
>
> Regards,
>
> Umair Shakil
> ETD
>
> On 10/19/07, Arne Pelka <lists at arnepelka.de> wrote:
>
> Hi,
>
> I have two PCs using CentOS 4; these machines need only access to the
> (big, class B) local network. For security reasons the network
> access should be restricted to this local network - mainly the users
> of these PCs should not be able to access web pages outside of the local
> network. My problem is that I have no CentOS repository of my own and
> therefore these two PCs need access to the CentOS mirrors to get updates.
> What would be the best way to restrict the network access to the local
> network and allow access to some external addresses (a CentOS
> mirror and maybe some other servers/websites)?
> I was thinking about iptables, but I'm not very experienced in these
> matters - maybe there is an easier way. The configuration with
> iptables seems to be very complex; I was skimming through some
> tutorials and the man pages.
>
Just block outgoing connections to all webservers but those that are
allowed.
iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j REJECT    # or -j DROP
Or to be more complete:
# a built-in chain's policy can only be ACCEPT or DROP; to REJECT instead,
# keep the DROP policy and append a final "iptables -A OUTPUT -j REJECT" rule
iptables -P OUTPUT DROP
iptables -A OUTPUT -d localnet -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT
and so on.
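The default-deny OUTPUT chain sketched in the reply above, written out as a complete egress allowlist. This is an added example, not code posted in the thread, and it adds the pieces a practitioner would otherwise hit on the first `yum update`: loopback, replies to already-accepted connections, DNS to the local resolvers (yum has to resolve the mirror name), and port 443 next to 80. LOCALNET, MIRROR, RESOLVERS and EXTRA_HTTP are placeholder values; by default the script only prints the rules it would apply, and running it as root with `IPT=iptables` applies them.

```shell
#!/bin/sh
# Added example (not from the original thread): egress allowlist for the
# OUTPUT chain of one of the two CentOS 4 PCs described above.
# The addresses below are assumed placeholders; override them from the
# environment. IPT defaults to "echo iptables" so the script is a dry run
# unless you run it as root with IPT=iptables.
IPT="${IPT:-echo iptables}"
LOCALNET="${LOCALNET:-172.16.0.0/16}"   # assumed class B local network
MIRROR="${MIRROR:-192.0.2.10}"          # assumed pinned CentOS mirror
RESOLVERS="${RESOLVERS:-172.16.0.53}"   # assumed local DNS server(s), space separated
EXTRA_HTTP="${EXTRA_HTTP:-}"            # other allowed web servers, space separated

egress_rules() {
    # Start from an empty OUTPUT chain with a default-deny policy.
    # REJECT is not a valid chain policy (only ACCEPT or DROP are), so the
    # explicit reject goes in as the last rule of the chain instead.
    $IPT -F OUTPUT
    $IPT -P OUTPUT DROP
    # Loopback, and packets belonging to connections already accepted
    # (for example replies to inbound SSH sessions from the local network).
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything inside the local network is allowed.
    $IPT -A OUTPUT -d "$LOCALNET" -j ACCEPT
    # DNS to the local resolvers only; without this yum cannot resolve
    # the mirror name and the update silently hangs.
    for r in $RESOLVERS; do
        $IPT -A OUTPUT -p udp --dport 53 -d "$r" -j ACCEPT
        $IPT -A OUTPUT -p tcp --dport 53 -d "$r" -j ACCEPT
    done
    # The pinned mirror and any other allowed web servers, http and https.
    for h in $MIRROR $EXTRA_HTTP; do
        $IPT -A OUTPUT -p tcp --dport 80 -d "$h" -j ACCEPT
        $IPT -A OUTPUT -p tcp --dport 443 -d "$h" -j ACCEPT
    done
    # Anything else gets an immediate ICMP error instead of a timeout,
    # which makes "blocked by policy" distinguishable from "network down".
    $IPT -A OUTPUT -j REJECT
}

egress_rules
```

Two checks after applying it: `iptables -L OUTPUT -n -v --line-numbers` shows the rules in order with packet counters, so a hit on the final REJECT line tells you what the users are trying to reach; and `service iptables save` writes the chain to /etc/sysconfig/iptables so it survives a reboot. Because yum's default `mirrorlist=` entry picks mirrors dynamically, pin a `baseurl=` to the allowed mirror in /etc/yum.repos.d/CentOS-Base.repo, otherwise updates will fail whenever yum chooses a host the allowlist does not contain. The same caveat the reply makes about a local proxy applies here: a user with root on the PC can flush these rules, so the restriction holds only for unprivileged accounts.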