Hello. A while back I had a firewall on CentOS in which I had:

for s in ${lista}
do
    # Drop forwarded packets on ports 80, 443 and 21 whose payload contains these strings
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.exe' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.zip' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.EXE' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.ZIP' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.TORRENT' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 -m string --string '.torrent' --algo bm -j DROP
    # Redirect ports 80 and 21 arriving on eth1 to 192.168.0.254:8080
    iptables -t nat -A PREROUTING -i eth1 -p tcp --match multiport --dports 80,21 -s ${s} -j DNAT --to 192.168.0.254:8080
    # Source-NAT the listed TCP and UDP ports leaving through ${INTERNET}
    iptables -t nat -A POSTROUTING -p tcp -o ${INTERNET} --match multiport --dports 23,25,53,110,443,5000,5001,5050,5100 -s ${s} -j SNAT --to-source ${NAT}
    iptables -t nat -A POSTROUTING -p udp -o ${INTERNET} --match multiport --dports 53,5000,5001,5050,5100 -s ${s} -j SNAT --to-source ${NAT}
done

I wanted to use it again to block those files, but I found that it no longer works. I also tried doing it for each port separately (dropping --match multiport) and it did not work. I would rather not use squid to block these files (if blocking through iptables still works).

Thanks in advance.
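
A first diagnostic for string-match rules like the ones above that seem to do nothing, added here as an example and not part of the original post: read the per-rule packet counters and list the string rules that never matched. It assumes the column layout of `iptables -nvxL` and that the pattern is printed in double quotes; the sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list iptables string-match rules that never matched a packet.
# Live use (as root):  iptables -nvxL FORWARD | zero_hit_string_rules
# Assumed columns: pkts bytes target prot opt in out source destination ...

# Constructed sample listing, not captured from a real host.
SAMPLE='Chain FORWARD (policy ACCEPT 1520 packets, 913400 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12     7340 DROP       tcp  --  *      *       192.168.0.10         0.0.0.0/0            multiport dports 80,443,21 STRING match  ".exe" ALGO name bm TO 65535
       0        0 DROP       tcp  --  *      *       192.168.0.10         0.0.0.0/0            multiport dports 80,443,21 STRING match  ".zip" ALGO name bm TO 65535
       0        0 DROP       tcp  --  *      *       192.168.0.10         0.0.0.0/0            multiport dports 80,443,21 STRING match  ".torrent" ALGO name bm TO 65535
     340   201100 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# Print "source pattern" for every string-match rule whose packet counter is 0.
zero_hit_string_rules() {
    awk '
        /STRING match/ && $1 == 0 {
            pat = "?"   # fallback when the pattern is not printed in quotes
            # the pattern is the first double-quoted token on the line
            if (match($0, /"[^"]*"/)) pat = substr($0, RSTART + 1, RLENGTH - 2)
            print $8, pat
        }'
}

# Count string-match rules in total, to tell "rules not loaded" from "rules never hit".
count_string_rules() {
    awk '/STRING match/ { n++ } END { print n + 0 }'
}
```

A count of 0 from `count_string_rules` means the rules were never loaded; rules that are loaded but stay at zero packets while matching traffic is flowing are not seeing the string in the packets they inspect.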