Operating System - Linux

block unwanted traffic to internet via IPTABLES - help

SOLVED
Maaz
Valued Contributor

eth0(lan_interface) IP: 192.168.0.1
eth1(internet_Interface) IP: 192.168.1.1

this machine is a gateway for the lan, running iptables and squid.

The problem is that 90% of the LAN is Windows XP, and we don't have a good anti-virus installed on all of our Windows XP machines.
These Windows XP machines broadcast due to viruses and Trojans, and consume almost 80% of our internet bandwidth.

Is there any iptables rule that can stop this unwanted traffic to the internet?

Our users are allowed to connect to almost everything, e.g. MSN/Yahoo/Skype messengers, webcam, Outlook (SMTP/POP).

I am also attaching the iptables script for the kind consideration of you GURUS.

Regards
Maaz
Maaz
Valued Contributor

Re: block unwanted traffic to internet via IPTABLES - help

iptables script attached
Alexander Chuzhoy
Honored Contributor

Re: block unwanted traffic to internet via IPTABLES - help

Basically you should get rid of the viruses/trojans in the first place. Knowing that viruses exist in your network and ignoring it is just wrong.

iptables is not an "application intelligent" firewall so you need to specify the port/IP you wish to block.

Implement strict rules - for example everything is blocked except:
ports 25/110 from all machines
ports 80/443 from squid

All proxy-aware applications should be configured to work via squid.
Maaz
Valued Contributor

Re: block unwanted traffic to internet via IPTABLES - help

Thanks a lot, Alexander, for your suggestions.
If you can, please edit the attached iptables-script file so that it just allows SMTP/POP/HTTP traffic to the internet, and also allows DNS query traffic to this gateway machine (as this machine is a cache-only DNS server too).

Regards
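The default-deny policy Alexander describes (everything blocked except SMTP/POP3 from the LAN and HTTP/HTTPS from squid on the gateway), plus the DNS-to-gateway exception Maaz asks for, written out as an iptables script. This is an added example, not the script attached to the thread. It keeps the interfaces from the original post (eth0 LAN, eth1 internet) and assumes the LAN subnet is 192.168.0.0/24 and that squid listens on port 3128; both are assumptions. Because FORWARD has a DROP policy, anything that is not proxy-aware (the messengers and webcams mentioned in the first post) will be blocked, which is the point of the strict approach. The script is a dry run by default and only prints the commands; set IPT to the real binary to apply them.

```shell
#!/bin/sh
# Default-deny gateway ruleset (added example): SMTP/POP3 from the LAN to the
# internet, HTTP/HTTPS only from squid running on the gateway, DNS and squid
# reachable from the LAN on the gateway itself.
#
# Dry run by default: prints the iptables commands instead of running them.
# To apply for real:   IPT=/sbin/iptables sh strict-gw.sh
LAN_IF=eth0               # from the thread
WAN_IF=eth1               # from the thread
LAN_NET=192.168.0.0/24    # assumed LAN subnet
SQUID_PORT=3128           # assumed squid listen port
IPT="${IPT:-echo iptables}"

apply_rules() {
    # Clean slate, then drop everything that is not explicitly allowed.
    # OUTPUT stays ACCEPT so squid (on the gateway) can fetch 80/443 itself.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Traffic to the gateway: loopback, replies to its own connections,
    # and from the LAN only the caching DNS server and the squid proxy.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$SQUID_PORT" -j ACCEPT

    # Traffic through the gateway: replies, plus SMTP (25) and POP3 (110)
    # from the LAN to the internet. Nothing else is forwarded, so direct
    # HTTP/HTTPS from LAN hosts is refused and must go through squid.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in 25 110; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
    done
    # Log what the LAN tries and fails to send out (rate limited so an
    # infected host cannot flood syslog); the policy then drops it.
    $IPT -A FORWARD -i "$LAN_IF" -m limit --limit 10/min -j LOG --log-prefix "FW-DROP: "

    # Hide LAN addresses behind the gateway for the forwarded traffic.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

apply_rules
```

Running it without IPT set prints the full ruleset so it can be reviewed before anything changes; the LOG line is what lets you see later which LAN hosts are generating the blocked traffic.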
Steven E. Protter
Exalted Contributor

Re: block unwanted traffic to internet via IPTABLES - help

Shalom Maaz,

There is very little iptables can do concerning virus transmission.

All you should do is modify your script to block as many ports as possible.

You might find an alternative to firewall scripting is firestarter.

Though the product has not been updated in some time, it is very effective with a motif gui at shutting down ports.

http://www.fs-security.com

If you want a distribution of Linux that includes firewall, anti-virus and anti-spam, think about this:

http://www.clarkconnect.com/

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Alan_152
Honored Contributor

Re: block unwanted traffic to internet via IPTABLES - help

"These Windows XP machines broadcast due to viruses and Trojans, and consume almost 80% of our internet bandwidth."

This also means you are consuming a fair amount of your internal network resources as well. You'd do well to install virus scanners at the very least on each workstation.
Huc_1
Honored Contributor

Re: block unwanted traffic to internet via IPTABLES - help

clamav from http://www.clamav.net on the server could be useful, and something like avast from http://www.avast.com/ on the Microsoft clients could probably also be useful.

Enjoy life.

Jean-Pierre Huc
Smile I will feel the difference
Maaz
Valued Contributor

Re: block unwanted traffic to internet via IPTABLES - help

Nice people and nice replies... Thanks everyone ;).

Our Directors are ready to buy the Symantec Norton Antivirus license for all M$ machines.

OK Gurus, if I add the following rule on top of all other rules, then?
iptables -A INPUT -d 255.255.255.255 -j DROP

I mean, will the above rule work in my case?
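One caveat a practitioner would want here: a packet addressed to 255.255.255.255 (limited broadcast) is never forwarded off its own segment by a router, so a rule in the INPUT chain only affects what the gateway itself receives; the bandwidth leaving on eth1 is governed by the FORWARD chain. Whatever rule is used, the practical question is which LAN hosts are generating the traffic, and that can be read off the gateway's log once a LOG rule is in place in FORWARD. The script below is an added example, not from the thread: it ranks LAN sources by the number of forwarded packets the firewall logged, using the standard kernel LOG line format. It assumes the LOG rule used the prefix "FW-DROP: " (an assumption), and the sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example: rank LAN hosts by logged (dropped) forwarded packets, and show
# the destination port each host hits most, to spot infected machines.
#
# Real use:  grep 'FW-DROP:' /var/log/messages | sh top-talkers.sh
# The lines below are constructed sample log output, not from a real system.
SAMPLE='Jan 10 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.23 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1 DF PROTO=TCP SPT=1032 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.23 DST=203.0.113.6 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2 DF PROTO=TCP SPT=1033 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.40 DST=198.51.100.9 LEN=404 TOS=0x00 PREC=0x00 TTL=127 ID=3 PROTO=UDP SPT=1434 DPT=1434 LEN=384
Jan 10 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.23 DST=203.0.113.7 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4 DF PROTO=TCP SPT=1034 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:03 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.7 DST=198.51.100.20 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=5 DF PROTO=TCP SPT=1100 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:03 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.23 DST=203.0.113.8 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6 DF PROTO=TCP SPT=1035 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 10 10:00:04 gw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=192.168.0.40 DST=198.51.100.10 LEN=404 TOS=0x00 PREC=0x00 TTL=127 ID=7 PROTO=UDP SPT=1434 DPT=1434 LEN=384'

# Reads log lines on stdin, prints "count source proto/port" sorted by count.
top_talkers() {
    awk '/FW-DROP:/ {
        src = ""; dpt = ""; proto = ""
        # Pull the KEY=VALUE fields we need; their position varies by protocol.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (src == "") next
        total[src]++
        # ICMP lines have no DPT; label them by protocol only.
        label = (dpt == "") ? proto : proto "/" dpt
        key = src " " label
        byport[key]++
        if (byport[key] > topn[src]) { topn[src] = byport[key]; topport[src] = label }
    }
    END {
        for (s in total) printf "%d %s %s\n", total[s], s, topport[s]
    }' | sort -rn
}

printf '%s\n' "$SAMPLE" | top_talkers
```

On the sample input the top line is the host making the most blocked connection attempts and the service it is hammering, which is the machine to pull off the network and clean first. Pointing the same function at the real syslog is the only change needed.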
Johannes Krackowizer
Occasional Advisor
Solution

Re: block unwanted traffic to internet via IPTABLES - help

As mentioned before, http://www.fs-security.com/ Firestarter is a good simple firewall with a graphical frontend; you can tell it to drop anything except the rules you set for opening some ports. You will have a log that shows anything that is blocked by the firewall (right-click them to add them to the firewall rules), so it's easy to open ports for services you need.

OR

Try the attached script. It is a good starting point for a self-scripted firewall. You will find helpful howtos at http://www.netfilter.org/documentation/index.html#documentation-howto

Copy the attachment to /etc/rc.d/init.d and add it with chkconfig to your system, but be aware that this script will block your system because it is configured for my LAN and it's only a simplified version, so you have to add your rules. There are some small examples for blocking some IPs from the internet (bad servers trying to harm your system), masquerading LAN clients to connect to the internet, opening ports for a local server and DNAT rules to forward some special ports to one LAN client. It also includes a panic option for shutting down any traffic on the server when you think you got hacked.

But a firewall doesn't protect you from viruses. And RTFM ;) http://www.netfilter.org/documentation/
21 is only the half truth
Maaz
Valued Contributor

Re: block unwanted traffic to internet via IPTABLES - help

Thanks