-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
atlas wrote: | А има ли начин това да стане с IPTABLES по MAC адрес? | | |>From: "Georgi Ivanov" <[EMAIL PROTECTED]> |>Sent: Friday, October 01, 2004 6:50 PM |>Subject: Re: lug-bg: Как да огранича по MAC адрес или по IP? |> | atlas wrote: | | [EMAIL PROTECTED] [EMAIL PROTECTED], | | <0< Linux <0H8=0 (Slakware v.10), :>OB> 5 [EMAIL PROTECTED] :J< Internet [EMAIL PROTECTED] | |> PPP0. | | | A25= B>20 8<0 8 <@56>2 040?B5@ ETH0, [EMAIL PROTECTED] :>9B> ?>4020 Internet :J< | | [EMAIL PROTECTED] <8 <@560 (192.168.1.0/24). | | J?@>A0 <8 5, :0: 40 >[EMAIL PROTECTED] 4>ABJ?0 4> <0H8=0B0 [EMAIL PROTECTED] PPP0 40 AB020 | |> A0<> | | | [EMAIL PROTECTED] :>=:@5B5= MAC [EMAIL PROTECTED] 8;8 :>=:@5B=> IP? 45OB0 <8 5 40 :><0=420< | |> Linux | | | <0H8=0B0 [EMAIL PROTECTED] Internet [EMAIL PROTECTED]<[EMAIL PROTECTED]> [EMAIL PROTECTED] SSH ?>@B 22, => =5 8A:0< 40 |>[EMAIL PROTECTED]< | | ?> ?>@B (iptables -A INPUT -i ppp0 -p tcp --dport 22 -j DROP) | | | | 0 F5;B0 AJ7404>E A;54=0B0 [EMAIL PROTECTED]: | | ######################################################## | | iptables -N block | | | | iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT | | iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT | | | | iptables -A block -m mac --mac-source 00:80:AD:62:15:A3 -j ACCEPT | | | | iptables -A block -j DROP | | | | iptables -A INPUT -j block | | iptables -A FORWARD -j block | | ######################################################## | | | | => =5I> =5 A5 ?>;CG020 (>[EMAIL PROTECTED]> ?> MAC =5 A5 ?>;CG020). | | @>120E A >[EMAIL PROTECTED] ?> IP: | | | | iptables -A block -s 213.91.17.190 -i ppp0 -j ACCEPT | | | | => @57C;B0B0 15H5 AJI8O. | | | | :> =O:>9 <>65 40 <8 ?><>3=5, 1;03>[EMAIL PROTECTED] [EMAIL PROTECTED]@8B5;=>. | | | | | | | | | | |> ============================================================================ | | | A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). | | http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara | Zagora | | To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html | | | | |> ============================================================================ | | ">G=> 70 B>78 A;CG09 A ssh <>65H 40 3> >[EMAIL PROTECTED] [EMAIL PROTECTED] hosts.allow 8 | hosts.deny 157 40 ?>;720H iptables | | -- | Georgi Ivanov | Aii Data Processing | System Administrator | IT Department | | | http://www.6lyokavitza.org/
| ============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
| Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
| ============================================================================
| ============================================================================ | A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). | http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora | To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html | ============================================================================ Мисля че ако направиш нещо от сорта на: iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A allowed -p TCP --syn -j ACCEPT iptables -A allowed -p TCP -m state --state ESTABLISHED,RELATED -jACCEPT iptables -A allowed -p TCP -j DROP iptables -A INPUT -p TCP -s ип-то_от_което_искаш_се_вържеш -d ME --dport 22 -j allowed ~ Или да прихванеш MAC-a , ако ще е по MAC
и после изрично да разрешаваш примерно правиш си верига iptables -N allow
- -- Georgi Ivanov Aii Data Processing System Administrator IT Department
http://www.6lyokavitza.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBXZE70dEkp0mjhDsRAvokAJ4wxrbOf4BO40r2rwaJcvkkNO8KDwCfZr5q 8gDHntso/b17cGzrIycLOm8= =c6yV -----END PGP SIGNATURE----- ============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================