creoq ue sería importante que cambies esto: iptables -I FORWARD -s 192.168.1.12 -d 111.221.74.0/24 -j ACCEPT iptables -I FORWARD -d 192.168.1.12 -s 111.221.74.0/24 -j ACCEPT . . . iptables -I FORWARD -s 111.221.74.0/24 -j DROP iptables -I FORWARD -d 111.221.74.0/24 -j DROP
por esto iptables -A FORWARD -s 192.168.1.12 -d 111.221.74.0/24 -j ACCEPT iptables -A FORWARD -d 192.168.1.12 -s 111.221.74.0/24 -j ACCEPT . . . iptables -A FORWARD -s 111.221.74.0/24 -j DROP iptables -A FORWARD -d 111.221.74.0/24 -j DROP > From: arvega...@hotmail.com > To: centos-es@centos.org > Date: Tue, 16 Apr 2013 16:18:05 -0500 > Subject: Re: [CentOS-es] Cerrar Skype > > hola > aqui una explicacion: > > politica accept : > > #FLUSH de reglas > iptables -F > iptables -X > iptables -Z > iptables -t nat -F > iptables -A INPUT -j ACCEPT > iptables -A OUTPUT -j ACCEPT > iptables -A FORWARD -j ACCEPT > > iptables -I FORWARD -s 192.168.1.12 -d 111.221.74.0/24 -j ACCEPT > iptables -I FORWARD -d 192.168.1.12 -s 111.221.74.0/24 -j ACCEPT > > . > . > . > > iptables -I FORWARD -s 111.221.74.0/24 -j DROP > iptables -I FORWARD -d 111.221.74.0/24 -j DROP > > . > . > . > seria algo asi, no te estoy diciendo que con estas reglas funcione, pero > tendrias que probar > > SALUDOS > > > > From: cmarti...@servicomecuador.com > > Date: Tue, 16 Apr 2013 16:10:41 -0500 > > To: centos-es@centos.org > > Subject: Re: [CentOS-es] Cerrar Skype > > > > Perdona no te entiendo > > -- > > > > Saludos > > Ing César Martínez Mora > > Enviado desde mi móvil. HTC > > > > "César C." <arvega...@hotmail.com> escribió: > > > > >hola creo que seria asi: > > > > > >que tipo de politica tienes ? DROP ? ACCEPT? > > >luego > > >si esta en accept, primero permites luego deniegas. > > >si esta en drop entonces permites. > > > > > >asi me funciona > > > > > > > > >> Date: Tue, 16 Apr 2013 15:41:02 -0500 > > >> From: cmarti...@servicomecuador.com > > >> To: centos-es@centos.org > > >> Subject: Re: [CentOS-es] Cerrar Skype > > >> > > >> Amigos he estado investigando con los links que me enviaron y la > > >única > > >> forma que encontré como bloquear skype es aplicando estas reglas > > >> > > >> iptables -I FORWARD -s 111.221.74.0/24 -j DROP > > >> iptables -I FORWARD -s 111.221.77.0/24 -j DROP > > >> iptables -I FORWARD -s 157.55.130.0/24 -j DROP > > >> iptables -I FORWARD -s 157.55.235.0/24 -j DROP > > >> iptables -I FORWARD -s 157.55.56.0/24 -j DROP > > >> iptables -I FORWARD -s 157.56.52.0/24 -j DROP > > >> iptables -I FORWARD -s 194.165.188.0/24 -j DROP > > >> iptables -I FORWARD -s 195.46.253.0/24 -j DROP > > >> iptables -I FORWARD -s 213.199.179.0/24 -j DROP > > >> iptables -I FORWARD -s 63.245.217.0/24 -j DROP > > >> iptables -I FORWARD -s 64.4.23.0/24 -j DROP > > >> iptables -I FORWARD -s 65.55.223.0/24 -j DROP > > >> > > >> Con esto se cierra todo el problema es que no deseo cerrar a todos > > >sino > > >> solo a un grupo de ips, para ello cree un bucle pero no funciona > > >igual > > >> se conectan todos al skype. > > >> > > >> SKYPE_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111" > > >> iptables -N SKYPE > > >> iptables -I FORWARD -s 111.221.74.0/24 -j SKYPE > > >> iptables -I FORWARD -s 111.221.77.0/24 -j SKYPE > > >> iptables -I FORWARD -s 157.55.130.0/24 -j SKYPE > > >> iptables -I FORWARD -s 157.55.235.0/24 -j SKYPE > > >> iptables -I FORWARD -s 157.55.56.0/24 -j SKYPE > > >> iptables -I FORWARD -s 157.56.52.0/24 -j SKYPE > > >> iptables -I FORWARD -s 194.165.188.0/24 -j SKYPE > > >> iptables -I FORWARD -s 195.46.253.0/24 -j SKYPE > > >> iptables -I FORWARD -s 213.199.179.0/24 -j SKYPE > > >> iptables -I FORWARD -s 63.245.217.0/24 -j SKYPE > > >> iptables -I FORWARD -s 64.4.23.0/24 -j SKYPE > > >> iptables -I FORWARD -s 65.55.223.0/24 -j SKYPE > > >> ## SKYPE ALLOW > > >> for face in $SKYPE_ALLOW; do > > >> iptables -A SKYPE -s $face -j ACCEPT > > >> done > > >> iptables -A SKYPE -j REJECT > > >> > > >> > > >> Gracias César > > >> > > >> > > >> > > >> > > >> > > >> > > >> On 05/04/13 23:23, Diego Sanchez wrote: > > >> > > > >https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&ie=UTF-8#hl=es-419&safe=off&sclient=psy-ab&q=iptables%20skype%20blocking&oq=&gs_l=&pbx=1&fp=53cce59a2ffd2795&ion=1&bav=on.2,or.r_cp.r_qf.&bvm=bv.44770516,d.eWU&biw=1280&bih=669 > > >> > > > >> > http://pingtool.org/block-skype-connection/ > > >> > > > >> > El día 5 de abril de 2013 18:08, César Martinez > > >> > <cmarti...@servicomecuador.com> escribió: > > >> >> Muchas gracias voy a probarlo y te comento como me fue > > >> >> > > >> >> César > > >> >>> hola, yo no la uso de forma transparente sino configurando en > > >cada pc, > > >> >>> de todas formas te paso los parametros que añadí y me dices si > > >funciona > > >> >>> > > >> >>> lo que hace esto es bloquearte todas las pantallas de formularios > > >> >>> > > >> >>> http_access allow !validUserAgent accesoskype > > >> >>> http_access deny !validUserAgent > > >> >>> > > >> >>> en accesoskype pones a los que si pueden tener acceso. > > >> >>> > > >> >>> saludos > > >> >>> > > >> >>> > > >> >>> > > >> >>>> Date: Fri, 5 Apr 2013 14:27:49 -0500 > > >> >>>> From: cmarti...@servicomecuador.com > > >> >>>> To: centos-es@centos.org > > >> >>>> Subject: Re: [CentOS-es] Cerrar Skype > > >> >>>> > > >> >>>> Hola si uso squid de forma transparente > > >> >>>> > > >> >>>> César > > >> >>>>> hola > > >> >>>>> skype(el antiguo) habia sido un problema en la red que > > >administramos, pero logramos evitar que funcione, > > >> >>>>> con un servidor proxy squid, si te vas el tema de patrones o > > >direcciones , por ahi no es. ¿usas squid? > > >> >>>>> > > >> >>>>> > > >> >>>>>> From: fernando.urru...@solex.cl > > >> >>>>>> Date: Fri, 5 Apr 2013 09:58:31 -0300 > > >> >>>>>> To: centos-es@centos.org > > >> >>>>>> Subject: Re: [CentOS-es] Cerrar Skype > > >> >>>>>> > > >> >>>>>> Skipe: > > >> >>>>>> > > >> >>>>>> En una parte de su configuración(herramientas - opciones - > > >> >>>>>> avanzada - conexión), dice "usar puertos 443 y 80 como > > >alternativa de > > >> >>>>>> conexión", así a menos que tengas un firewall capa 7. > > >> >>>>>> _______________________________________________ > > >> >>>>>> CentOS-es mailing list > > >> >>>>>> CentOS-es@centos.org > > >> >>>>>> http://lists.centos.org/mailman/listinfo/centos-es > > >> >>>>> _______________________________________________ > > >> >>>>> CentOS-es mailing list > > >> >>>>> CentOS-es@centos.org > > >> >>>>> http://lists.centos.org/mailman/listinfo/centos-es > > >> >>>>> > > >> >>>> _______________________________________________ > > >> >>>> CentOS-es mailing list > > >> >>>> CentOS-es@centos.org > > >> >>>> http://lists.centos.org/mailman/listinfo/centos-es > > >> >>> _______________________________________________ > > >> >>> CentOS-es mailing list > > >> >>> CentOS-es@centos.org > > >> >>> http://lists.centos.org/mailman/listinfo/centos-es > > >> >>> > > >> >> _______________________________________________ > > >> >> CentOS-es mailing list > > >> >> CentOS-es@centos.org > > >> >> http://lists.centos.org/mailman/listinfo/centos-es > > >> > > > >> > > > >> > > >> _______________________________________________ > > >> CentOS-es mailing list > > >> CentOS-es@centos.org > > >> http://lists.centos.org/mailman/listinfo/centos-es > > > > > >_______________________________________________ > > >CentOS-es mailing list > > >CentOS-es@centos.org > > >http://lists.centos.org/mailman/listinfo/centos-es > > _______________________________________________ > > CentOS-es mailing list > > CentOS-es@centos.org > > http://lists.centos.org/mailman/listinfo/centos-es > > _______________________________________________ > CentOS-es mailing list > CentOS-es@centos.org > http://lists.centos.org/mailman/listinfo/centos-es _______________________________________________ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
