[CentOS] restrict network access
Arne Pelka
lists at arnepelka.de
Mon Oct 22 21:47:54 UTC 2007
>> Squid actually Proxy will do the trick....
>
> Nope. Not if they are installed on those PCs.
>
>
> Just block outgoing connections to all webservers but those that are
> allowed.
>
> iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -j DROP    # or -j REJECT
>
> Or to be more complete:
>
> iptables -P OUTPUT DROP    # a policy can only be ACCEPT or DROP; REJECT needs a final -j REJECT rule
> iptables -A OUTPUT -d localnet -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT
> and so on.
I found out that there is a proxy in our network and I can use a private
network address. I configured yum to use the proxy and everything is
working fine for the moment. But maybe this solution will not be
flexible enough in the future - then I am going to check your suggestions
and will try to get deeper into the iptables configuration.
Can anybody tell me what IP or domain I would have to allow to get
access to the CentOS mirrors with yum for getting updates properly?
TIA!
-Arne
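
An added example, not part of the original messages: a shell function that prints the default-deny OUTPUT rules sketched in the quoted reply, for a local network plus a list of allowed destinations such as the proxy mentioned above. The function names, the addresses 192.168.0.0/24, 192.0.2.10 and 198.51.100.7, and the extra loopback, state and TCP-reset rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables commands for a default-deny
# OUTPUT chain. Every address passed to it below is a constructed placeholder.

# Accept dotted-quad IPv4 with an optional /prefix only. Hostnames are refused:
# iptables resolves a name once, when the rule is added, so a rule for a
# rotating mirror pool silently goes stale.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# egress_rules LOCALNET DEST...
# Prints the commands, or prints nothing and returns 1 on a bad address.
egress_rules() {
    localnet=$1; shift
    for a in "$localnet" "$@"; do
        is_ipv4_cidr "$a" || { echo "not IPv4 address/CIDR: $a" >&2; return 1; }
    done
    # Loopback and packets of already-established connections (for example an
    # inbound SSH session) must keep working.
    echo 'iptables -A OUTPUT -o lo -j ACCEPT'
    echo 'iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # DNS keeps working only if the resolver is inside LOCALNET.
    echo "iptables -A OUTPUT -d $localnet -j ACCEPT"
    for dest in "$@"; do
        echo "iptables -A OUTPUT -p tcp --dport 80 -d $dest -j ACCEPT"
    done
    # -P accepts only ACCEPT or DROP, so a fast TCP failure needs its own rule.
    echo 'iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset'
    # Policy goes last so a remote session is not cut off part-way through.
    echo 'iptables -P OUTPUT DROP'
}

# Review the output, then pipe it to sh as root to apply it.
egress_rules 192.168.0.0/24 192.0.2.10 198.51.100.7
```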