AV1611 Posted August 12, 2007

I need to use iptables to drop any requests from 192.168.0.1-192.168.0.254 on port 80. (I want to force them to use squid, so blocking port 80 I think is how I want to do it.) I can't figure out how to make this work...??? HELP!

[root@amdlinux ~]# iptables -A INPUT -p tcp -d 192.168.0.0/32 -d port 80 -j DROP
iptables v1.3.7: multiple -d flags not allowed

AV1611 Posted August 12, 2007

I went with this, but how would I make an exception for a single IP?

[root@amdlinux ~]# iptables -D INPUT -s 192.168.0.0/32 -p tcp --destination-port 80 -j DROP

How would I allow, say, 192.168.0.100 to be able to connect on port 80, but none of the above? Thanks

trq Posted August 12, 2007

iptables -A INPUT -p tcp -d 192.168.0.100 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d 192.168.0.0/32 --dport 80 -j DROP

steviewdr Posted August 13, 2007

A redirect iptables rule would be much better. Redirect all external requests on port 80 to 8080.

iptables -t nat -A PREROUTING -p tcp -d 192.168.0.100 --dport 80 -j DNAT --to 192.168.0.100:8080

More info on iptable rules at: http://wiki.kartbuilding.net/index.php/Iptables_Firewall

-steve

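Added example, not code from any poster in this thread: a small Python model of how a chain picks the first matching rule, showing why a /32 mask does not cover 192.168.0.1-192.168.0.254 and why the ACCEPT exception has to come before the DROP when rules are appended with -A. It assumes the rules match on source address (-s) and a chain policy of ACCEPT; the function names and rule tuples are hypothetical, and the model ignores protocol, interface and destination address.

```python
from ipaddress import ip_address, ip_network

# Each rule is (source network, destination port, target), in chain order.
# It stands in for: iptables -A <chain> -s <source> -p tcp --dport <port> -j <target>


def verdict(rules, src, dport, policy="ACCEPT"):
    """Return the target of the first rule that matches, else the chain policy."""
    for net, port, target in rules:
        if ip_address(src) in ip_network(net) and dport == port:
            return target
    return policy


# /32 is a single-host mask: only the address 192.168.0.0 itself matches.
HOST_MASK = [("192.168.0.0/32", 80, "DROP")]

# /24 covers the whole LAN; the exception is listed first, so it wins.
EXCEPTION_FIRST = [
    ("192.168.0.100/32", 80, "ACCEPT"),
    ("192.168.0.0/24", 80, "DROP"),
]

# Same two rules appended in the opposite order: the DROP matches
# 192.168.0.100 before the exception is ever reached.
EXCEPTION_LAST = list(reversed(EXCEPTION_FIRST))

# Constructed sample clients from the range in the question.
CLIENTS = ("192.168.0.1", "192.168.0.100", "192.168.0.254")


def audit(rules, clients=CLIENTS, dport=80):
    """Map each client address to the verdict its port-80 packet receives."""
    return {c: verdict(rules, c, dport) for c in clients}


if __name__ == "__main__":
    for name, rules in (("host mask /32", HOST_MASK),
                        ("exception first", EXCEPTION_FIRST),
                        ("exception last", EXCEPTION_LAST)):
        print(name, audit(rules))
```
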