lists at lonnie.abelbeck.com
Mon Jul 7 11:33:39 CEST 2014
Ahhh, yes, BLOCK_HOSTS_FILE will apply to everyone; on a second look I see you only want it to apply to one internal IP address.
Since AIF is on your router for a LAN, then adding to the LAN_INET_FORWARD_CHAIN is the most efficient, and using REJECT instead of DROP is probably better in this case.
Another untested script, this time for your AIF custom-rules...
---- /etc/arno-iptables-firewall/custom-rules snippet ----
# Reject Facebook for LAN host(s)
for shost in internal.host.ip.address; do
  echo "[CUSTOM RULE] Reject Facebook for $shost -> INET"
  # One REJECT rule per prefix announced by AS32934 (Facebook), per LAN host
  for dhost in $(whois -h whois.radb.net '!gAS32934' | grep '/'); do
    iptables -A LAN_INET_FORWARD_CHAIN -s $shost -d $dhost -j REJECT
  done
done
Multiple internal.host.ip.address's can be added on the first 'for' if needed.
Though, you will have to do an "arno-iptables-firewall restart" to update the rules.
On Jul 6, 2014, at 10:49 PM, Eli Wapniarski wrote:
> Thanks for responding Lonnie
> Correct me if I'm wrong, the block hosts file will block everybody won't it??
> Actually, the hard work that I did was to google it. lol???
> On Sunday 06 July 2014 22:14:01 Lonnie Abelbeck wrote:
>> If you are not already using the BLOCK_HOSTS_FILE, enable it in
>> firewall.conf: --
>> Then run this **untested** script via cron every day or so...
>> ---- cron script ----
>> # BLOCK_HOSTS_FILE must hold the path you configured in firewall.conf
>> (
>> for ip in $(whois -h whois.radb.net '!gAS32934' | grep '/'); do
>>   echo "$ip"
>> done
>> ) > "$BLOCK_HOSTS_FILE"
>> arno-iptables-firewall force-reload
>> You did the hard work with the 'whois' :-)
>> On Jul 6, 2014, at 7:22 AM, Eli Wapniarski wrote:
>>> I was wondering if anyone can help.
>>> I probably need to write a custom rule to block facebook access from a
>>> specific ip address on my internal network. I am having a weird problem
>>> that where the launcher for an mmorpg game on that computer first runs,
>>> it tries to access facebook and then crashes. If access to facebook is
>>> blocked, then the launcher and the game works just fine. The developers
>>> have been alerted and they are working on a fix.
>>> In the meantime, I need to have a rule in place to block all of facebooks
>>> I've found a script, which does work, but it would be cool if I could turn
>>> this into a custom rule for arnos-iptables-firewall. The script follows
>>> for ip in `whois -h whois.radb.net '!gAS32934' | grep /`; do iptables -A
>>> OUTPUT -p all -d $ip -s internal.host.ip.address -j DROP; done
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> Arno's (Linux IPTABLES Firewall) Homepage:
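An added example, not from any of the list posts above: a small POSIX sh helper that generates the same LAN_INET_FORWARD_CHAIN REJECT rules from the RADb '!gAS32934' answer, but only accepts lines that are well-formed IPv4 prefixes and refuses to emit an empty rule set. The hosts, the sample whois text and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Example helper (assumed names, not part of arno-iptables-firewall): builds
# REJECT rules for LAN host(s) from raw 'whois -h whois.radb.net !gAS32934'
# output. Unlike a bare grep '/', it keeps only a.b.c.d/nn prefixes, so a
# whois error text can never be spliced into an iptables command line.

# Split the RADb answer into one token per line, keep only IPv4 CIDR prefixes.
# Exit status is grep's: 1 when no prefix survived.
filter_prefixes() {
    tr -s ' \t' '\n\n' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
}

# $1: space-separated LAN host addresses; stdin: raw whois output.
# Prints one REJECT rule per (host, prefix) pair; returns 1 and prints nothing
# when no prefix was found, so a failed lookup does not load a rule set that
# blocks nothing (and silently lets the traffic through).
build_rules() {
    hosts=$1
    if ! prefixes=$(filter_prefixes); then
        echo "build_rules: no prefixes in whois output, refusing to continue" >&2
        return 1
    fi
    for shost in $hosts; do
        echo "# [CUSTOM RULE] Reject Facebook for $shost -> INET"
        for dhost in $prefixes; do
            echo "iptables -A LAN_INET_FORWARD_CHAIN -s $shost -d $dhost -j REJECT"
        done
    done
}

# Constructed sample of a RADb '!g' reply (length header, prefixes, 'C'
# trailer) with a junk line that a plain grep '/' would have accepted.
SAMPLE_WHOIS='A29
203.0.113.0/24 198.51.100.0/24
C
%error/123 not a prefix
'

# Live use would be:
#   whois -h whois.radb.net '!gAS32934' | build_rules "internal.host.ip.address"
```

Run it from custom-rules with the iptables lines executed instead of echoed, or feed its output to sh after inspecting it.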