You'll have to change FORWARD to:

iptables --policy FORWARD DROP

iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 25  --jump ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 80  --jump ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 110 --jump ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -p tcp --dport 143 --jump ACCEPT
# these 4 rules are for access to any address for
# mail via POP3, IMAP, send (SMTP) and www

iptables -A FORWARD -d 192.168.0.0/24 -p tcp --syn --jump DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --syn --jump DROP
# these 2 rules reject any attempt to initiate a connection
# into the local network or from the local network toward the internet
# (--syn is a TCP match, so it needs -p tcp)

iptables -A FORWARD -d 192.168.0.0/24 -p tcp --jump ACCEPT
# this rule accepts any other type of tcp connection

# man iptables

[!] --syn
     Only match TCP packets with the SYN bit set and the ACK and RST bits
     cleared. Such packets are used to request TCP connection initiation;
     for example, blocking such packets coming in an interface will prevent
     incoming TCP connections, but outgoing TCP connections will be
     unaffected. It is equivalent to --tcp-flags SYN,RST,ACK SYN. If the
     "!" flag precedes the "--syn", the sense of the option is inverted.

PS: if I'm wrong, please correct me ...

Liviu wrote:

> Hi,
>      My idea would be for people on the local network to be able to get out
>      only on the web and on mail.

-- 

Best regards,

Dekxter X.
[EMAIL PROTECTED]
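A small simulation of the FORWARD chain as posted above, added here and not part of Dekxter's message, for checking what verdict a given packet gets before the rules are loaded on a real box. The rule list, the 192.168.0.0/24 network and the ports come from the post; the Packet and Rule classes are a constructed simplification of iptables matching (first match wins, chain policy otherwise).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Constructed model of the FORWARD chain posted above (added example, not the
# poster's code): first matching rule decides, else the chain policy applies.
LAN = ipaddress.ip_network("192.168.0.0/24")

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int = 0
    syn: bool = False   # SYN set with ACK and RST clear, i.e. what --syn matches

@dataclass
class Rule:
    target: str                                  # --jump ACCEPT / DROP
    src: Optional[ipaddress.IPv4Network] = None  # -s
    dst: Optional[ipaddress.IPv4Network] = None  # -d
    proto: Optional[str] = None                  # -p
    dport: Optional[int] = None                  # --dport
    syn: bool = False                            # --syn

    def matches(self, p: Packet) -> bool:
        if self.src is not None and ipaddress.ip_address(p.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in self.dst:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return p.syn or not self.syn   # --syn only matches connection requests

# The seven rules in the order they were posted (--syn requires -p tcp).
FORWARD = [
    Rule("ACCEPT", dst=LAN, proto="tcp", dport=25),
    Rule("ACCEPT", dst=LAN, proto="tcp", dport=80),
    Rule("ACCEPT", dst=LAN, proto="tcp", dport=110),
    Rule("ACCEPT", dst=LAN, proto="tcp", dport=143),
    Rule("DROP", dst=LAN, proto="tcp", syn=True),
    Rule("DROP", src=LAN, proto="tcp", syn=True),
    Rule("ACCEPT", dst=LAN, proto="tcp"),
]
POLICY = "DROP"   # iptables --policy FORWARD DROP
def verdict(p: Packet, chain=FORWARD, policy=POLICY):
    # Returns (target, rule number); rule number 0 means the policy decided.
    for n, rule in enumerate(chain, 1):
        if rule.matches(p):
            return rule.target, n
    return policy, 0
```

Feeding it a SYN from a LAN host to an outside web server, and the non-SYN reply traffic coming back, shows which rule (or the policy) decides each direction with the rules in this order.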



--- 
Details about our mailing lists: http://www.lug.ro/