[Firewall] Hi

Lonnie Abelbeck lists at lonnie.abelbeck.com
Mon Jul 7 11:33:39 CEST 2014


Eli,

Ahhh, yes, BLOCK_HOSTS_FILE will apply to everyone; on a second look I see you only want it to apply to one internal IP address.

Since AIF is on your router for a LAN, adding to the LAN_INET_FORWARD_CHAIN is the most efficient, and using REJECT instead of DROP is probably better in this case.

Another untested script, this time for your AIF custom-rules...

---- /etc/arno-iptables-firewall/custom-rules snippet ----

# Reject Facebook (AS32934) for LAN host(s)
# Look the prefixes up once; the RADB answer lists them space-separated on one line.
# If the whois lookup fails the list is empty and no rules are added.
fb_prefixes=$(whois -h whois.radb.net '!gAS32934' | grep '/')

for shost in internal.host.ip.address; do
  echo "[CUSTOM RULE] Reject Facebook for $shost -> INET"
  for dhost in $fb_prefixes; do
    iptables -A LAN_INET_FORWARD_CHAIN -s "$shost" -d "$dhost" -j REJECT
  done
done

----
Multiple internal.host.ip.addresses can be added to the first 'for' if needed.

Though, you will have to do an "arno-iptables-firewall restart" to update the rules.

Lonnie

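Added example, not code from this thread or from Arno's firewall: a POSIX sh version of the custom-rules idea above that parses the RADB '!gAS32934' answer, keeps only syntactically valid IPv4 prefixes before anything reaches the iptables command line, refuses to proceed if the lookup came back empty (a failed whois call would otherwise silently install no rules), and emits the LAN_INET_FORWARD_CHAIN REJECT rules. The whois response text and the LAN host 192.0.2.10 are constructed sample data, and the rules are printed rather than executed; in real use replace the sample with the output of `whois -h whois.radb.net '!gAS32934'`.

```shell
#!/bin/sh
# Added example, not from the thread or from AIF.  Parses an RADB '!gAS<n>'
# answer, validates the prefixes, and emits REJECT rules for LAN_INET_FORWARD_CHAIN.

# Constructed sample of a `whois -h whois.radb.net '!gAS32934'` response:
# an 'A<length>' line, one space-separated line of prefixes, then 'C'.
# The junk token and the IPv6 prefix are included to show the filtering.
SAMPLE_RADB='A52
31.13.24.0/21 31.13.64.0/18 157.240.0.0/16 not-a-prefix 2a03:2880::/32
C'

# Read an RADB response on stdin; print one IPv4 CIDR per line.
# Only dotted-quad/0-32 tokens pass, so nothing odd reaches iptables.
radb_ipv4_prefixes() {
  grep '/' | tr ' ' '\n' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Read prefixes on stdin; print the iptables command for each, for LAN host $1.
# REJECT rather than DROP: the client gets an immediate error instead of a timeout.
emit_reject_rules() {
  shost="$1"
  while read -r dhost; do
    [ -n "$dhost" ] || continue
    printf 'iptables -A LAN_INET_FORWARD_CHAIN -s %s -d %s -j REJECT\n' "$shost" "$dhost"
  done
}

# Number of usable prefixes in the sample; a real run checks this before
# touching the firewall so a failed whois lookup does not silently add nothing.
count_sample_prefixes() {
  printf '%s\n' "$SAMPLE_RADB" | radb_ipv4_prefixes | wc -l | tr -d ' '
}

# Rules for the sample, for the made-up LAN host 192.0.2.10.
sample_rules() {
  printf '%s\n' "$SAMPLE_RADB" | radb_ipv4_prefixes | emit_reject_rules 192.0.2.10
}

main() {
  if [ "$(count_sample_prefixes)" -eq 0 ]; then
    echo "no prefixes for AS32934; not installing rules" >&2
    return 1
  fi
  sample_rules
}

main "$@"
```

To install the rules instead of printing them, pipe the output of sample_rules (fed from the live whois call) into sh, or replace the printf in emit_reject_rules with the iptables command itself.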

On Jul 6, 2014, at 10:49 PM, Eli Wapniarski wrote:

> Thanks for responding Lonnie
> 
> Correct me if I'm wrong, the block hosts file will block everybody won't it?? 
> Actually, the hard work that I did was to google it. lol???
> 
> Eli
> 
> On Sunday 06 July 2014 22:14:01 Lonnie Abelbeck wrote:
>> Eli,
>> 
>> If you are not already using the BLOCK_HOSTS_FILE, enable it in
>> firewall.conf: --
>> BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
>> --
>> 
>> Then run this **untested** script via cron every day or so...
>> 
>> ---- cron script ----
>> #!/bin/sh
>> 
>> BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
>> 
>> # One Facebook (AS32934) prefix per line; the RADB answer is space-separated
>> (
>>  for ip in $(whois -h whois.radb.net '!gAS32934' | grep '/'); do
>>    echo "$ip"
>>  done
>> ) > "$BLOCK_HOSTS_FILE.tmp"
>> 
>> # Only replace the list if the lookup actually returned prefixes
>> if [ -s "$BLOCK_HOSTS_FILE.tmp" ]; then
>>   mv "$BLOCK_HOSTS_FILE.tmp" "$BLOCK_HOSTS_FILE"
>>   arno-iptables-firewall force-reload
>> else
>>   rm -f "$BLOCK_HOSTS_FILE.tmp"
>>   echo "whois lookup for AS32934 returned nothing; keeping old $BLOCK_HOSTS_FILE" >&2
>>   exit 1
>> fi
>> ----
>> 
>> You did the hard work with the 'whois' :-)
>> 
>> Lonnie
>> 
>> On Jul 6, 2014, at 7:22 AM, Eli Wapniarski wrote:
>>> I was wondering if anyone can help.
>>> 
>>> I probably need to write a custom rule to block facebook access from a
>>> specific ip address on my internal network. I am having a weird problem
>>> that where the launcher for an mmorpg game on that computer first runs,
>>> it tries to access facebook and then crashes. If access to facebook is
>>> blocked, then the launcher and the game works just fine. The developers
>>> have been alerted and they are working on a fix.
>>> 
>>> In the meantime, I need to have a rule in place to block all of facebooks
>>> ips.
>>> 
>>> 
>>> I've found a script, which does work, but it would be cool if I could turn
>>> this into a custom rule for arnos-iptables-firewall. The script follows
>>> 
>>> for ip in $(whois -h whois.radb.net '!gAS32934' | grep /); do
>>>   iptables -A OUTPUT -p all -d "$ip" -s internal.host.ip.address -j DROP
>>> done
>>> 
>>> Thanks
>> 
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
> 
> 
> 
