- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- block unwanted traffic to internet via IPTABLES - ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2008 12:10 AM
тАО03-25-2008 12:10 AM
eth1(internet_Interface) IP: 192.168.1.1
this machine is a gateway for the lan, running iptables and squid.
the problem is that 90% of the lan is Windows XP, and we dont have a good Anti-virus installed on all of our windows XP machines.
These Windows XP machines does Broadcast due to viruses and Trojans, and consumes almost 80% of our internet bandwidth.
Is there any iptables rule that can stop these unwanted traffic to internet.
our users are allowed to connect almost every thing e.g msn/yahoo/skype messengers, webcam, outlook(smtp/pop).
I am also attaching the iptables script for the kind consideration of you GURUS.
Regards
Maaz
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2008 12:13 AM
тАО03-25-2008 12:13 AM
Re: block unwanted traffic to internet via IPTABLES - help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2008 01:54 AM
тАО03-25-2008 01:54 AM
Re: block unwanted traffic to internet via IPTABLES - help
iptables is not an "application intelligent" firewall so you need to specify the port/IP you wish to block.
Implement strict rules - for example everything is blocked except:
ports 25/110 from all machines
ports 80/443 from squid
all proxy aware applications sould be configured to work via squid.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2008 02:20 AM
тАО03-25-2008 02:20 AM
Re: block unwanted traffic to internet via IPTABLES - help
If you can please edit the attached iptables-script file that just allow smtp/pop/http traffic to internet. And also allow dns queries traffic to this gateway machine(as this machine is cache-only dns server too).
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2008 02:34 AM
тАО03-25-2008 02:34 AM
Re: block unwanted traffic to internet via IPTABLES - help
There is very little iptables can do concerning virus transmission.
All you should do is modify your script to block as many ports as possible.
You might find an alternative to firewall scripting is firestarter.
Though the product has not been updated in some time, it is very effective with a motif gui at shutting down ports.
http://www.fs-security.com
If you want a distribution of Linux that includes firewall, anti-virus and anti-spam thing about this:
http://www.clarkconnect.com/
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2008 10:24 AM
тАО03-25-2008 10:24 AM
Re: block unwanted traffic to internet via IPTABLES - help
This also means you are consuming a fair amount of your internal network resources as well. You'd do well to install virus scanners at the very least on each workstation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-26-2008 01:45 AM
тАО03-26-2008 01:45 AM
Re: block unwanted traffic to internet via IPTABLES - help
Enjoy life.
Jean-Pierre Huc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2008 03:04 AM
тАО03-27-2008 03:04 AM
Re: block unwanted traffic to internet via IPTABLES - help
Our Directors are ready to buy the Symantec Norton Antivirus license for all M$ machines.
ok Gurus, if I add the following rule on top of all other rules then ?
iptables -A INPUT -d 255.255.255.255 -j DROP
I mean does the above rule will work in my case ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-16-2008 02:15 PM
тАО04-16-2008 02:15 PM
SolutionOR
try the attached script. it is a good starting point for a self skripted firewall. you will find helpfull howto's at http://www.netfilter.org/documentation/index.html#documentation-howto
copy the attachment to /etc/rc.d/init.d and add it with chkconfig to your system but be aware that this script will block your system because it is configured for my lan and it's only a simplified version so you have to add your rules. there are some small exampels for blocking some ip's from i-net (bad servers trying to harm your system), masquerade lan clients to connect to internet, open ports for local server and dnat rules to forward some special ports to one lan client. it also includes a panic option for shuting down any traffic on the server when you think you got hacked.
but a firewall don't protect you from viruses . and rtfm ;) http://www.netfilter.org/documentation/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2008 08:43 PM
тАО04-17-2008 08:43 PM