Como bloquear navegação pelo IPTABLES [RESOLVIDO]

rage against
(usa CentOS)

Enviado em 17/12/2009 - 08:32h

Prezados, bom dia,

Andei vasculhando nos "pai" google e não encontrei a solução para o meu caso.
Possuo algumas máquinas da produção que não gostaria que tivesse acesso a navegação internet, mas continuasse com acesso a e-mails e spark (msn interno).
Utilizou o centOS e abaixo segue meu arqvio iptables. Não fui eu quem montou esse servidor, pois não tenho conhecimento para tal. Já efetuei os comentários nas linhas onde teoricamente libera a internet para as estações mas até agora nada. Já utilizei outros comandos como:
IPTABLES -A INPUT -P TCP -I ETH1 -S 192.168.0.45 --DPORT 3128 -J DROP
E também nada...

se puderem me ajudar eu agradeço, abraços...



#!/bin/sh
# description: iptables
# chkconfig: 2345 80 30
# processname: iptables
# pidfile: /var/run/iptables.pid
#
. /etc/init.d/functions
. /etc/sysconfig/network

if [ ${NETWORKING} = "no" ]
then
exit 0
fi

case "$1" in
start)
gprintf "Iniciando o Serviço de %s: " "iptables"
echo
echo 1 > /proc/sys/net/ipv4/ip_forward

modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_tables
modprobe ipt_limit
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ip_nat_ftp

## Definindo a Politica default
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

## Limpando as regras existentes
iptables -t filter -F
iptables -t nat -F

## Liberando ACESSO A INTERNET Faixa de IP
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -mstate --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.1 -d 0/0 -j MASQUERADE # FINANCEIRO
iptables -t nat -A POSTROUTING -s 192.168.0.2 -d 0/0 -j MASQUERADE # DIRETORIA
iptables -t nat -A POSTROUTING -s 192.168.0.3 -d 0/0 -j MASQUERADE # SEGURANCA
iptables -t nat -A POSTROUTING -s 192.168.0.4 -d 0/0 -j MASQUERADE # PRODUCAO
iptables -t nat -A POSTROUTING -s 192.168.0.5 -d 0/0 -j MASQUERADE # PRODUCAO
iptables -t nat -A POSTROUTING -s 192.168.0.6 -d 0/0 -j MASQUERADE # PRODUCAO
iptables -t nat -A POSTROUTING -s 192.168.0.7 -d 0/0 -j MASQUERADE # PRODUCAO
iptables -t nat -A POSTROUTING -s 192.168.0.8 -d 0/0 -j MASQUERADE # PRODUCAO
iptables -t nat -A POSTROUTING -s 192.168.0.9 -d 0/0 -j MASQUERADE # FINANCEIRO
iptables -t nat -A POSTROUTING -s 192.168.0.10 -d 0/0 -j MASQUERADE # DIRETORIA

#redireciona proxy
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A PREROUTING -t nat -s 192.168.0.0/24 -d ! 65.54.183.202 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -A PREROUTING -t nat -s 192.168.0.0/24 -d ! 65.54.183.202 -p tcp --dport 3128 -j REDIRECT --to-ports 3128

# Antivirus AVG
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d akamai.grisoft.cz -j MASQUERADE

## Bloqueando Spoof
iptables -A INPUT -i eth1 -s 192.168.0.1/24 -j DROP

# Bloqueando squid externo
iptables -A INPUT -p TCP -i eth1 -d 189.X.X.X --dport 3128 -j DROP

# Bloqueando portscan
iptables -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A FORWARD -i eth1 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP

#bloqueios de ataque dos
iptables -A FORWARD -m unclean -j DROP

# bloqueio das portas UDP
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 7777:7779 -j DNAT --to-dest 192.168.0.254
iptables -A FORWARD -p udp -i eth1 --dport 7777:7779 -d 192.168.0.254 -j ACCEPT

#Bloqueando parte das portas udp:
iptables -A INPUT -i eth1 -p udp --dport 0:30000 -j DROP

#Bloqueando ssh
#iptables -A INPUT -p tcp --destination-port 22 -j DROP

#Bloqueando AIM:
iptables -A FORWARD -d login.oscar.aol.com -j REJECT

#Bloqueando ICQ:
iptables -A FORWARD -p tcp --dport 5190 -j REJECT
iptables -A FORWARD -d login.icq.com -j REJECT

#Bloqueando MSN:
iptables -A FORWARD -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -p udp --dport 1863 -j REJECT
iptables -A FORWARD -p tcp --dport 7000 -j REJECT
iptables -A FORWARD -p tcp --dport 7001 -j REJECT
iptables -A FORWARD -p udp --dport 7000 -j REJECT
iptables -A FORWARD -p udp --dport 7001 -j REJECT
iptables -A FORWARD -d 64.4.9.0/24 -j REJECT
iptables -A FORWARD -d 65.54.239.0/24 -j REJECT
iptables -A FORWARD -d 64.4.35.0/24 -j REJECT
iptables -A FORWARD -d 65.55.197.0/24 -j REJECT
iptables -A FORWARD -d 207.0.0.0/8 -j REJECT
iptables -A FORWARD -d 204.0.0.0/8 -j REJECT
iptables -A FORWARD -d 216.151.187.0/24 -j REJECT
iptables -A FORWARD -d 63.0.0.0/8 -j REJECT
iptables -A FORWARD -d 64.0.0.0/8 -j REJECT
iptables -A FORWARD -d 65.0.0.0/8 -j REJECT
iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
iptables -A FORWARD -p tcp --dport 1981 -j DROP
iptables -A FORWARD -p udp --dport 1981 -j DROP
iptables -A FORWARD -p tcp --dport 2037 -j DROP
iptables -A FORWARD -p udp --dport 2037 -j DROP
iptables -A FORWARD -p tcp --dport 3501 -j DROP
iptables -A FORWARD -p udp --dport 3501 -j DROP
iptables -A FORWARD -p tcp --dport 3531 -j DROP
iptables -A FORWARD -p udp --dport 3531 -j DROP
iptables -A FORWARD -p tcp --dport 3587 -j DROP
iptables -A FORWARD -p udp --dport 3587 -j DROP
iptables -A FORWARD -p tcp --dport 3955 -j DROP
iptables -A FORWARD -p udp --dport 3955 -j DROP
iptables -A FORWARD -p tcp --dport 4242 -j DROP
iptables -A FORWARD -p udp --dport 4242 -j DROP
iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
iptables -A FORWARD -p tcp --dport 4688 -j DROP
iptables -A FORWARD -p udp --dport 4688 -j DROP
iptables -A FORWARD -p tcp --dport 5121 -j DROP
iptables -A FORWARD -p udp --dport 5121 -j DROP
iptables -A FORWARD -p tcp --dport 5662 -j DROP
iptables -A FORWARD -p udp --dport 5662 -j DROP
iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
iptables -A FORWARD -p tcp --dport 6699 -j DROP
iptables -A FORWARD -p udp --dport 6699 -j DROP
iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
iptables -A FORWARD -p tcp --dport 8473 -j DROP
iptables -A FORWARD -p udp --dport 8473 -j DROP
iptables -I FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
iptables -I FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT
#iptables -I FORWARD -s 192.168.1.0/24 -p tcp --dport 1863 -j REJECT
#iptables -I FORWARD -s 192.168.1.0/24 -d loginnet.passport.com -j REJECT
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.28.93/32 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.28.94/32 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.113.0/24 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.216.0/24 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.26.253/32 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.26.254/32 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.107.0/24 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.106.0/24 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.216.62/32 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.27.0/24 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.108.69/32 -j DROP
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -d 207.46.109.0/24 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.28.93/32 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.28.94/32 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.113.0/24 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.216.0/24 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.26.253/32 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.26.254/32 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.107.0/24 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.106.0/24 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.216.62/32 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.27.0/24 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.108.69/32 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -d 207.46.109.0/24 -j DROP

#Bloqueando Yahoo Messenger:
iptables -A FORWARD -d scsa.yahoo.com -j REJECT

# Bloqueando Emule
iptables -A FORWARD -p tcp -m multiport --dport 4661,4711,4662,4665,4672 -j DROP
iptables -A FORWARD -p udp -m multiport --dport 4662,4672,4665 -j DROP

#Bittorrent:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 6881:6889 -j DNAT --to-dest 192.168.0.2
iptables -A FORWARD -p tcp -i eth1 --dport 6881:6889 -d 192.168.0.2 -j REJECT

#iMesh:
iptables -A FORWARD -d 216.35.208.0/24 -j REJECT

#BearShare:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT

#ToadNode:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT

#WinMX:
iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
iptables -A FORWARD -d 64.49.201.0/24 -j REJECT

#Napigator:
iptables -A FORWARD -d 209.25.178.0/24 -j REJECT

#Morpheus:
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -p TCP --dport 1214 -j REJECT

#KaZaA:
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -p TCP --dport 1214 -j REJECT

#Limewire:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT

#Audiogalaxy:
iptables -A FORWARD -d 64.245.58.0/23 -j REJECT

# Liberando PING
iptables -t nat -A POSTROUTING -p ICMP -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

# Liberando Portas
#iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 0/0 --dport 5190 -j MASQUERADE
#iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 0/0 --dport 4000 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 211.1.188.0/24 -d icq.com -j MASQUERADE

# Liberando live-update Norton Antivirus
#iptables -t nat -A POSTROUTING -s 211.1.188.0/24 -d akamai.grisoft.cz -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d liveupdate.symantecliveupdate.com -j MASQUERADE


#######################################
# Abrindo para os programas Bancários #
#######################################
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 0/0 --dport 443 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 0/0 --dport 444 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 0/0 --dport 447 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 0/0 --dport 7443 -j MASQUERADE

################################
# Abrindo Conectividade Social #
################################
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 200.252.47.234 --dport 2631 -j MASQUERADE
# iptables -t nat -A PREROUTING -i eth1 -p -tcp ! 200.201.174.207 --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A PREROUTING -i eth1 -p -tcp ! 200.201.174.207 --dport 80 -j REDIRECT --to-port 3128

#############
# CAGED-net #
#############
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 200.244.113.8 --dport 2500 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 200.220.45.39 --dport 2500 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 200.201.173.68 -j MASQUERADE

############
# RAIS-net #
############
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 161.148.185.0/24 --dport 3007 -j MASQUERADE

###############
# Receita-net #
###############
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 161.148.185.0/24 --dport 3456 -j MASQUERADE

############################
# Sintegra (Valida Paraná) #
############################
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 200.201.114.3 --dport 1049 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 200.201.114.3 --dport 80 -j MASQUERADE
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.0/24 -d 200.189.113.86 --dport 8017 -j MASQUERADE

###################################
# Bloqueando Netbus e B.O. Trinoo #
###################################
iptables -t filter -A OUTPUT -p UDP --dport 31337 -j DROP
iptables -t filter -A OUTPUT -p TCP --dport 1234 -j DROP
iptables -t filter -A OUTPUT -p TCP --dport 12345 -j DROP
iptables -t filter -A OUTPUT -p TCP --dport 12346 -j DROP
iptables -t filter -A OUTPUT -p UDP --dport 2049 -j DROP
iptables -t filter -A OUTPUT -p TCP --dport 20034 -j DROP
iptables -t filter -A OUTPUT -p TCP --dport 54321 -j DROP
iptables -t filter -A OUTPUT -p TCP --dport 27665 -j DROP
iptables -t filter -A OUTPUT -p UDP --dport 27444 -j DROP
iptables -t filter -A OUTPUT -p UDP --dport 31335 -j DROP

#Liberando Terminal Server
IP_INTERNO=192.168.0.75
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 189.X.X.X --dport 3389 -j DNAT --to 192.168.0.75
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.75 --dport 3389 -j SNAT --to 189.X.X.X

#Liberando Servidor de Msg Openfire / Spark
#IP_INTERNO=192.168.0.1
#iptables -A FORWARD -p tcp --dport 5222 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 192.168.1.61 --dport 5222 -j DNAT --to 192.168.0.1
#iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.1 --dport 5222 -j SNAT --to 192.168.1.61
# Liberando Voip Rede Externa
#IP_INTERNO=192.168.0.2
#iptables -A FORWARD -p tcp --dport 5060 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 192.168.1.61 --dport 5060 -j DNAT --to 192.168.0.2
#iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.2 --dport 5060 -j SNAT --to 192.168.1.61
#iptables -A FORWARD -p tcp --dport 5004 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 192.168.1.61 --dport 5004 -j DNAT --to 192.168.0.2
#iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.2 --dport 5004 -j SNAT --to 192.168.1.61

#pcAnywhere
#iptables -A FORWARD -p tcp --dport 5631 -j ACCEPT
#iptables -A FORWARD -p udp --dport 5632 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 200.163.237.74 --dport 5631 -j DNAT --to 211.1.188.20
#iptables -t nat -A POSTROUTING -p tcp -s 211.1.188.20 --dport 5631 -j SNAT --to 200.163.237.74
#iptables -t nat -A PREROUTING -p udp -d 200.163.237.74 --dport 5632 -j DNAT --to 211.1.188.20
#iptables -t nat -A POSTROUTING -p udp -s 211.1.188.20 --dport 5632 -j SNAT --to 200.163.237.74

#RealVNC
#iptables -A FORWARD -p tcp --dport 5900 -j ACCEPT
#iptables -A FORWARD -p udp --dport 5800 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp -d 192.168.1.61 --dport 5900 -j DNAT --to 192.168.0.1
#iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.1 --dport 5900 -j SNAT --to 192.168.1.61
#iptables -t nat -A PREROUTING -p udp -d 192.168.1.61 --dport 5800 -j DNAT --to 192.168.0.1
#iptables -t nat -A POSTROUTING -p udp -s 192.168.0.1 --dport 5800 -j SNAT --to 192.168.1.61

# Listar as Regras
iptables -t filter -L -n
iptables -t nat -L -n
;;

stop)
gprintf "Finalizando o Serviço de %s: " "iptables"
echo
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING DROP
iptables -t nat -P OUTPUT DROP
iptables -t nat -P POSTROUTING DROP
iptables -t filter -F
iptables -t nat -F
iptables -t filter -L -n
iptables -t nat -L -n
rmmod ipt_state ipt_MASQUERADE iptable_nat ip_conntrack iptable_filter ip_tables
;;
status)
gprintf "Status do Serviço de %s: " "iptables"
echo
iptables -t filter -L -n
iptables -t nat -L -n
;;

*)
gprintf "Uso: iptables (start|stop|status)"
echo
exit 0
;;

esac

exit 0

maninhx
(usa Slackware)

Enviado em 17/12/2009 - 16:03h

tenta essa regra
iptables -A FORWARD -s ip_da_maquina -p tcp -m tcp --dport 80 -j DROP

iptables -A FORWARD -s ip_da_maquina -p tcp -m tcp --dport 3128 -j DROP

rage against
(usa CentOS)

Enviado em 18/12/2009 - 08:29h

Amigo, obrigado pela ajuda, mas não deu certo...

Inseri as linhas conforme enviou e estou começando a achar que não é esse iptables que estou editando que é carregado.

cd /etc
cd init.d
mcedit iptables
Após inserir as linhas, salvo e digito o seguinte comando no terminal
service iptables stop
service iptables start.

É isso? Como faço pra saber se é esse arquivo iptables que ele está carregando...

Obrigado!

magnolinux
(usa Debian)

Enviado em 18/12/2009 - 09:47h

Amigo..

o seu arquivo de firewall ta muito bagunçado e com regras fora de ordem, isso causa erros de anulações de regras...

Se vc estiver utilizando servidor proxy, então vc tera que fazer esse bloqueio de navegação no proxy.

Agora se vc estiver somente com o firewall ativo..

as regras abaixo ira funcionar..

iptables -t filter -A FORWARD -s IP_MICRO -p tcp --dport 110 -j ACCEPT
iptables -t filter -A FORWARD -s IP_MICRO -p tcp --dport 25 -j ACCEPT
iptables -t filter -A FORWARD -s IP_MICRO -j DROP

Só para vc entender, primeiramente estou liberando a porta 110 e 25 para trafego de email e depois bloqueio todo resto para este ip.

OK!!!!

Testa e posta aí..

Flw...

rage against
(usa CentOS)

Enviado em 18/12/2009 - 10:06h

Amigo, efetuei o teste e nada feito.

Como disse não fui eu quem instalou e configurou o servidor, pois não tenho conhecimento para isso. Então não sei nem dizer se está ou não bagunçado hehehehe.

Neste servidor roda o proxy transparente (sem autenticação), firewall e servidor de Spark (Openfire).

Não sei se ajudam essas informações.

magnolinux
(usa Debian)

Enviado em 18/12/2009 - 10:15h

como vc tem proxy, vc tera que bloquear o acesso a web no squid.

vc tb pode colocar essa regra que ira travar esse micro para nao navegar na net..

iptables -t nat -I PREROUTING -s IP_MICRO -p tcp --dport 80 -j DROP

Flw...

rage against
(usa CentOS)

Enviado em 18/12/2009 - 10:56h

Obrigado amigo, funcionou.
Se eu quiser bloquear outras portas, só troco o final, correto?

magnolinux
(usa Debian)

Enviado em 18/12/2009 - 10:59h

Isso mesmo...

Flw.. abraço;

rage against
(usa CentOS)

Enviado em 18/12/2009 - 11:01h

Amigo,

Poderia me fornecer ou indicar documentação para eu começar a configurar meu próprio servidor linux? Meu conhecimento é o básico do básico...

Obrigado.