Hi Fabrice,
On 16-1-2018 14:54, Fabrice Durand via PacketFence-users wrote:
> Hello,
> you can play with iptables.conf in the conf directory in order to add
> your custom rules.

So, in the case of limiting outgoing traffic for inline nat clients to
http/https/dns, do you mean adding lines something like this:
:input-internal-inline-if - [0:0]
# OUR OWN RULES HERE:
-A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
-A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT
-A input-internal-inline-if --protocol udp --match udp --dport 53 --jump ACCEPT
# DHCP:
-A input-internal-inline-if --protocol udp --match udp --dport 67 --jump ACCEPT
etc
and then, before the final line, to drop 'all other traffic':
-A input-internal-inline-if --jump DROP
%%input_inter_inline_rules%%
You mean something like that..?
MJ
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
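
Added example, not part of the thread or of PacketFence: a small linter for an iptables-restore style template that reports a doubled `-A` flag and anything placed after an unconditional catch-all rule in the same chain, since iptables evaluates a chain's rules in order. The sample input is constructed, and the linter assumes (the thread does not confirm this) that a `%%...%%` placeholder expands into rules for the chain declared above it.

```python
import re

# Constructed sample (not from the thread): a doubled -A and a catch-all DROP above the placeholder.
SAMPLE = """\
:input-internal-inline-if - [0:0]
-A -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT
-A input-internal-inline-if --protocol udp --match udp --dport 53 --jump ACCEPT
-A input-internal-inline-if --jump DROP
%%input_inter_inline_rules%%
"""

TERMINAL = {"ACCEPT", "DROP", "RETURN"}
PLACEHOLDER = re.compile(r"^%%(\w+)%%$")

def lint(text):
    """Return (line_no, message) findings for an iptables-restore style template."""
    findings = []
    closed = {}     # chain -> line number of its unconditional terminal rule
    current = None  # chain named by the latest declaration or -A rule
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":"):
            current = (line[1:].split() or [None])[0]
            continue
        m = PLACEHOLDER.match(line)
        if m:
            # Assumption: the placeholder expands into rules for the chain above it.
            if current in closed:
                findings.append((no, f"{m.group(1)} expands after catch-all at line {closed[current]}"))
            continue
        tok = line.split()
        if tok[0] != "-A":
            continue  # table headers, COMMIT, other commands
        if len(tok) > 1 and tok[1] == "-A":
            findings.append((no, "duplicated -A flag"))
            tok = tok[1:]
        if len(tok) < 2:
            continue
        current, rest = tok[1], tok[2:]
        if current in closed:
            findings.append((no, f"rule shadowed by catch-all at line {closed[current]}"))
        elif len(rest) == 2 and rest[0] in ("-j", "--jump") and rest[1] in TERMINAL:
            closed[current] = no
    return findings

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```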