blokowanie ruchu na ruterze na port forwardowany w LAN

[Arkadiusz Rdest]

pszemaz WP wrote:
> Witam!
> Mam takie cos, ale to nie zdaje egzmainu:
> 
> BAN_IPT="/usr/sbin/iptables"
> BAN_HOSTS"1.2.3.4 5.6.7.8 9.10.11.12"
> 
> for x in ${BAN_HOSTS}
> 
> do
>      $BAN_IPT -t filter -I INPUT -p udp -s ${x} -d 192.168.1.0/24 
> --dport nr_portu -j REJECT --reject-with icmp-port-unreachable
>      $BAN_IPT -t filter -I OUTPUT -p udp -s ${x} -d 192.168.1.0/24 
> --dport nr_portu -j REJECT --reject-with icmp-port-unreahable
> done
> 

blokuj w lancuchu FORWARD

do
   $BAN_IPT -I FORWARD -p udp -s ${x} -d 192.168.1.0/24 --dport nr_portu 
-j REJECT --reject-with icmp-port-unreachable
   $BAN_IPT -I FORWARD -p tcp -s ${x} -d 192.168.1.0/24 --dport nr_portu 
-j REJECT --reject-with icmp-port-unreahable
done



-- 
  -[  net and sys admin  ]-[ Learn the facts and make up your own ]-
  -[ weed(at)punkt(dot)pl]-[ damn mind. That's why you have one.  ]-