[TriLUG] IP Tables rule to block all non-local traffic
Brian Henning via TriLUG
trilug at trilug.org
Mon Oct 10 09:32:05 EDT 2016
Unplugging the Ethernet cable is a pretty good way to block all non-local traffic! Oh, not quite THAT local... :-D
-----Original Message-----
From: TriLUG [mailto:trilug-bounces+bhenning=pineinst.com at trilug.org] On Behalf Of Ron Kelley via TriLUG
Sent: Friday, October 07, 2016 9:22 PM
To: Triangle Linux Users Group General Discussion <trilug at trilug.org>
Subject: [TriLUG] IP Tables rule to block all non-local traffic
Greetings all.
My IP Tables skills are very lacking, and I don’t want to break anything in the process. Thus, I am reaching out…
I need the right iptables command to do the following:
----------------------------------------------
* Allow any connection to any ip on the local subnet
* Allow any connection to any ip on an adjacent subnet
* Block all other traffic
server_ip: 192.168.100.21/24
adjacent_subnet: 172.16.0.0/16
iptables -A OUTPUT --dport=<any> -s 192.168.100.0/24 -j ACCEPT
iptables -A OUTPUT --dport=<any> -s 172.16.0.0/16 -j ACCEPT
iptables -A OUTPUT --dport=<any> -j REJECT
Thanks for any pointers.
-Ron
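
An added example, not part of the original thread: a shell function that prints an OUTPUT-chain allow-list for the two subnets in the question, matching on destination (-d) and ending in REJECT. The function name, the loopback rule and the ESTABLISHED,RELATED rule are assumptions added here; the commands are only printed, so nothing changes until the output is run as root.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for an
# egress allow-list; nothing is applied until the output is run as root.

# egress_rules CIDR... : one ACCEPT per allowed destination, then REJECT.
egress_rules() {
    [ "$#" -gt 0 ] || { echo "usage: egress_rules CIDR..." >&2; return 2; }
    # Validate every argument first so a typo never yields a partial rule set.
    for cidr in "$@"; do
        case "$cidr" in
            *[!0-9./]*|*/*/*|"") echo "bad CIDR: $cidr" >&2; return 1 ;;
            [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
            *) echo "bad CIDR: $cidr" >&2; return 1 ;;
        esac
    done
    # Loopback first: local services talk to each other over 127.0.0.1.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Assumption: replies on connections that are already tracked (for
    # example an SSH session opened from outside both subnets) should keep
    # flowing; drop this line if they should not.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for cidr in "$@"; do
        # OUTPUT is matched on destination (-d). With -s the rule would test
        # the server's own source address instead.
        echo "iptables -A OUTPUT -d $cidr -j ACCEPT"
    done
    # Rules are evaluated in order, so the catch-all REJECT goes last.
    echo "iptables -A OUTPUT -j REJECT"
}

# Subnets from the question above; review the output, then pipe it to sh as root.
egress_rules 192.168.100.0/24 172.16.0.0/16
```

Because these are -A (append) commands, any rules already in the OUTPUT chain are evaluated before them, so check `iptables -S OUTPUT` first.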