system toolbox » ubuntu

kako zablokirati neku ip adresu da izlazi na internet¶

možemo ga presresti u FORWARDING chain-u

ovakvo je stanje kod nas na router-u

root@router-4:~# iptables -L FORWARD

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
zone_wan_MSSFIX  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
forwarding_rule  all  --  anywhere             anywhere   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<           
forward    all  --  anywhere             anywhere            
           all  --  anywhere             anywhere     

root@router-4:~# iptables -L forwarding_rule

Chain forwarding_rule (1 references)
target     prot opt source               destination         

root@router-4:~# iptables -A forwarding_rule -s 192.168.45.171 -j DROP

nakon toga imamo

root@router-4:~# iptables -L forwarding_rule

Chain forwarding_rule (1 references)
target     prot opt source               destination         
DROP       all  --  192.168.45.171       anywhere

testiramo ping i fakat saobraćaj sa te radne stanice ne prolazi. Sa drugih imamo prolaz.

ako ga izbrišemo

root@router-4:~# iptables   -D forwarding_rule   -s 192.168.45.171 -j DROP

ping ponovo radi.

Zaključak: u forwarding chain-u (provjeriti na router-u kako je FORWARD chain podešen pa tu stavite DROP) dodajte drop pravilo.