iptables - how do I block an IP address?
Moderator: Urednik
I don't know where else I haven't already posted this question...
I need to block a dynamic IP address (say 157.58.33.2) on the server so that it can't get out to the Internet!
I know it's done with iptables, but I need someone to write out the whole command for me, because I couldn't figure it out. If possible, an explanation of it as well.
Please don't just tell me to look at man iptables
Thanks!
Forum friend - Posts: 189 - Joined: 24 Feb 2006, 22:11 - Location: Arandjelovac
iptables -A OUTPUT -m owner --uid-owner 500
This packet match will match if the packet was created by the given User ID (UID). This could be used to match outgoing packets based on who created them. One possible use would be to block any other user than root from opening new connections outside your firewall. Another possible use could be to block everyone but the http user from sending packets from the HTTP port.
iptables -A OUTPUT -m owner --gid-owner 0
This match is used to match all packets based on their Group ID (GID). This means that we match all packets based on what group the user creating the packets is in. This could be used to block all but the users in the network group from getting out onto the Internet or, as described above, only to allow members of the http group to create packets going out from the HTTP port.
Last edited by Dimitrije S. on 13 Mar 2006, 14:00, edited 1 time in total.
I haven't tried anything... I have to be 100% sure it works, because otherwise, if I can't activate it again afterwards, I'm really screwed!
Forum friend - Posts: 189 - Joined: 24 Feb 2006, 22:11 - Location: Arandjelovac
Download fwbuilder and try installing it, a bit of work but it can solve everything.
FWBuilder here
and
libFWBuilder here
First you'll have to install libFWBuilder and then FWBuilder, and all together it isn't even 2 MB...
Last edited by Dimitrije S. on 14 Mar 2006, 10:01, edited 1 time in total.
I'll download it now, but first I'll check with that guy I told you about, whether he knows how to do it with iptables, and if not, then this will definitely do the job!!!
Thanks once again!
Forum friend - Posts: 189 - Joined: 24 Feb 2006, 22:11 - Location: Arandjelovac
No problem
Whenever you need something, let us know, we'll gladly help ;D
Forum friend - Posts: 189 - Joined: 24 Feb 2006, 22:11 - Location: Arandjelovac
iptables -A OUTPUT -m owner --uid-owner 500 --reject-with icmp-host-unreachable
iptables - invokes iptables
-A - applies to all computers in the chain
OUTPUT - refers to outgoing commands/packets
-m owner --uid-owner 500 - checks whether the commands/packets were created by a specific user (in this case you)
--reject-with icmp-host-unreachable - in that case it rejects the commands/packets and returns an error to the user who attempted the action (icmp-host-unreachable is one of the errors; more options can be seen in man iptables).
The command is returned to normal by deleting --reject-with icmp-host-unreachable and writing allow in its place!
There, that's my explanation of the command, which I put together from the man page and tutorials I found on the Internet. I don't see why it wouldn't work, but if you really can't afford a mistake, then you have to ask someone who has definitely done it...
iptables -A OUTPUT -m blokirana_adresa --uid blokirana_adresa 500 --reject with icmp-host-unreachable
So, in place of owner I put the addresses that are blocked (blokirana_adresa)
Now I tried this and here's what it says:
Couldn't load match `blokirana_adresa':/usr/lib/iptables/libipt_blokirana_adresa.so: cannot open shared object file: No such file or directory
Last edited by ferguson on 15 Mar 2006, 08:42, edited 1 time in total.
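The thread's actual goal, blocking one LAN address from reaching the Internet through the server, as an added example that is not code from any of the posters: it assumes the server is the LAN gateway, that the Internet-facing interface is eth0, and uses the 157.58.33.2 address from the question as a constructed sample. It matches the source address with -s rather than a match module (the -m option loads a module named after its argument, which is exactly why -m blokirana_adresa fails with the libipt_blokirana_adresa.so error above), places the rule in FORWARD where traffic passing through the gateway is filtered, and puts -j REJECT before --reject-with, since the latter is an option of the REJECT target.

```shell
#!/bin/sh
# Added example (not from the thread): block one LAN address from reaching the
# Internet through this gateway. Assumptions: the server forwards LAN traffic,
# the Internet-facing interface is eth0, 157.58.33.2 is a constructed sample.

# Succeed only if $1 is an IPv4 dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    (
        IFS=.
        set -- $1            # split the address into its four octets
        for octet in "$1" "$2" "$3" "$4"; do
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print the iptables command that blocks $1 (WAN interface $2, default eth0).
# -s matches the packet's source address; "-m NAME" would instead try to load
# a match module libipt_NAME.so, which is the error seen in the thread.
# The rule goes in FORWARD (packets routed through the gateway) and is
# inserted at position 1 so it is evaluated before any ACCEPT rule.
# --reject-with is an option of the REJECT target, hence -j REJECT first.
block_rules() {
    ip=$1
    wan=${2:-eth0}
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    echo "iptables -I FORWARD 1 -s $ip -o $wan -j REJECT --reject-with icmp-host-unreachable"
}

# Print the matching delete command (-D with the same match and target),
# which is how the block is lifted again.
unblock_rules() {
    block_rules "$1" "$2" | sed 's/ -I FORWARD 1 / -D FORWARD /'
}

# Dry run by default; set APPLY=1 to execute the printed command as root.
apply_rules() {
    if [ "${APPLY:-0}" = 1 ]; then
        block_rules "$1" "$2" | sh -e
    else
        block_rules "$1" "$2"
    fi
}

# Run as a script (file name assumed): ./block.sh 157.58.33.2 [eth0]
if [ $# -gt 0 ]; then
    apply_rules "$1" "$2"
fi
```

Because the address is dynamic, the rule pins whatever address the host holds now; after a DHCP lease change, run the unblock command for the old address and the block command for the new one.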