Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troublshooting => General Networking Support in Linux => Topic started by: Rakesha_a on March 05, 2004, 06:11:37 AM
-
hi all,
i have redhat linux 7.2 with squid. actually i don't have much more exposure in linux . I have to restrict some sites and IPs. how can i do that?
also say about scheduling. suppose for ip 192.168.0.143, should be allowed only between 10 to 12 am.
plz guide me in details.
Thank you!
-
For blocking sites and ips you can use both squid as well as Iptables..
First of all you have to remove ipchains.. ( used before iptables in earlier versions) and load iptables.. in ur system . Run the following commands ... ( all commands are to be executed separately and the lines with '#' are for description..
chkconfig --del ipchains
chkconfig --add iptables
ipchains -F
service ipchains stop
rmmod ipchains
service iptables start
I have told those as redhat contains ipchains as default in earlier versions.
Now to block sites.. using squid see this post.. by me..
http://www.linuxsolved.com/forums/viewtopic.php?t=155
also to block a specific ip you can following in squid.conf
say we have to block 192.168.0.7 and 192.168.0.12
acl badips src 192.168.0.7 192.168.0.12
acl badips deny
here "badips" is the word i have chosen u can use anything else..
Now to block some ips using iptables..
say we have to block a 192.168.0.21
iptables -I INPUT -s 192.168.0.21 -j DROP
iptables -A FORWARD -d domain.com -j DROP
Since you are using RH7.2 you can save all iptables rules in a text file such as "rc.nat" and put that file in /etc/rc.d/ then make it execuatable by
chmod 755 <full filename with path>
Now open your /etc/rc.d/rc.local and add the path to ur script file her it should be
/etc/rc.d/rc.nat
Now every time u boot ur linux it will get executed automatically...
Lastly. ur all question had been answered here already .. U can also used Search feature and if unable to find answer then u can always post..
-
BTw.. i just forgot abouit scheduling thing.. see my this post.. http://www.linuxsolved.com/forums/viewtopic.php?t=166