You also need to add hex codes, but first test that you do NOT cut off something else as well.
link: https://www.centos.org/forums/viewtopic.php?t=58860


2016-11-28 4:09 GMT+02:00 Laurentiu Stefan <[email protected]>:

> Hello.
>
> A while ago I had a firewall on CentOS in which I had:
>
> for s in ${lista}
> do
>
>   iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.exe' --algo bm -j DROP
>   iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.zip' --algo bm -j DROP
>   iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.EXE' --algo bm -j DROP
>   iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.ZIP' --algo bm -j DROP
>   iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.TORRENT' --algo bm -j DROP
>   iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.torrent' --algo bm -j DROP
>
>   iptables -t nat -A PREROUTING -i eth1 -p tcp --match multiport --dports 80,21 -s ${s} -j DNAT --to 192.168.0.254:8080
>
>   iptables -t nat -A POSTROUTING -p tcp -o ${INTERNET} --match multiport --dports 23,25,53,110,443,5000,5001,5050,5100 -s ${s} -j SNAT --to-source ${NAT}
>   iptables -t nat -A POSTROUTING -p udp -o ${INTERNET} --match multiport --dports 53,5000,5001,5050,5100 -s ${s} -j SNAT --to-source ${NAT}
>
> done
>
> I wanted to use it again to block those files, but I found that it no
> longer works.
>
> I also tried doing it for each port separately (dropping --match
> multiport) and it did not work.
>
> I would rather not use squid to block these files (if they can still be
> blocked through iptables).
>
> Thanks in advance.
> _______________________________________________
> RLUG mailing list
> [email protected]
> http://lists.lug.ro/mailman/listinfo/rlug
>



-- 
Lucian Covaci
0762699216
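
An added example, not part of the original messages: a dry run of the advice at the top of this reply that converts each extension to the `|hex|` form accepted by `--hex-string` and shows which payloads a plain substring match would also drop. The payload lines, the source address 192.0.2.10 and the function names are constructed for illustration; the rule is only printed, never applied.

```shell
#!/bin/sh
# Added example: nothing here touches the running firewall.

# Convert a literal such as ".exe" into the |hex| form used by --hex-string.
to_hex_pattern() {
    # od prints the bytes as space-separated hex; word splitting tidies the spacing.
    set -- $(printf '%s' "$1" | od -An -tx1)
    printf '|%s|' "$*"
}

# Constructed sample payloads: two real downloads and three that should pass.
sample_payloads() {
    cat <<'EOF'
GET /files/setup.exe HTTP/1.1
GET /docs/report.executive-summary.html HTTP/1.1
GET /search?q=how+to+open+.zip+files HTTP/1.1
GET /index.html HTTP/1.1
RETR backup.zip
EOF
}

# The string match is a byte substring search over the packet, so a pattern
# hits wherever those bytes occur, not only at the end of a file name.
count_hits() {
    sample_payloads | grep -cF -- "$1" || true
}

# Print (do not run) the rule for review; 192.0.2.10 is a placeholder source.
print_rule() {
    printf "iptables -A FORWARD -p tcp -s 192.0.2.10 --match multiport --dports 80,443,21 -m string --hex-string '%s' --algo bm -j DROP\n" \
        "$(to_hex_pattern "$1")"
}

for ext in .exe .zip .torrent; do
    printf '%s -> %s: %s of the sample payloads would be dropped\n' \
        "$ext" "$(to_hex_pattern "$ext")" "$(count_hits "$ext")"
    sample_payloads | grep -F -- "$ext" | sed 's/^/    /' || true
    print_rule "$ext"
done
```

In this sample set `.exe` also hits the `report.executive-summary.html` request and `.zip` also hits the search query, which is the kind of collateral drop to look for before loading the rules.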