Antispoofing and IP based restriction may be option here also. Example: (let's say I want to deny traffic from network 192.168.0.0/24 on internal interface)
iptables -N Bad_Guys iptables -A INPUT -i eth1 -s 192.168.0.0/255.255.255.0 -j Bad_guys iptables -A FORWARD -i eth1 -s 192.168.0.0/255.255.255.0 -j Bad_Guys iptables -A I Bad_Guys -j DROP Same can be applied to accept traffic or create any type of complexity here. I found a tool like fwbuilder (http://www.fwbuilder.org) (GUI interface for iptables) is great managing complicated rules such as this. Rajeev On Tuesday 12 February 2002 14:58, Paul Robertson wrote: > On Wed, 13 Feb 2002, Nick wrote: > > I got some nasty users behind proxying / filtering server,.. > > sometimes they change their ip address to get out from the restrictions. > > > > What should I do to prevent this ? ( I use iptables ) > > Use a proxy that supports authentication. Revoke anyone's password who > shares credentials. > > Paul > --------------------------------------------------------------------------- >-- Paul D. Robertson "My statements in this message are personal > opinions [EMAIL PROTECTED] which may have no basis whatsoever in > fact." > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls -- ******************************************************************** Rajeev Kumar ([EMAIL PROTECTED]) http://www.rajeevnet.com ******************************************************************** -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey ******************************************************************** What's New on rajeevnet.com: o Unix/Windows password Sync: http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html ******************************************************************** _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
