OpenWrt Forum Archive

Topic: How to restrict a client computer to access internet 80 port only?

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I am sharing my internet in the neighborhood. There is a client computer connected to the router, and I want to block all of its outgoing connections except HTTP (80) access, i.e. only allow it to surf unencrypted web sites. I am wondering how I can implement this using iptables. Any input would be appreciated.

Thanks,
Dong

Currently I am using these two rules, but I am not sure if they are correct or not:

iptables -I grp_1 -s 192.168.1.113 -p tcp --dport 80 -j ACCEPT   # allow 113 access to destination port 80
iptables -A grp_1 -s 192.168.1.113 -j DROP                       # block all other ports

What happens if your neighbor changes his IP?
You can use MAC filtering with iptables using "ipt_mac" (insmod ipt_mac).

iptables -A ... -m mac --mac-source 00:aa:aa:77:88:99 -j DROP

PS: Yes, changing the MAC is possible too, but more "difficult" than changing the IP ...

(Last edited by Sonic on 20 Aug 2007, 23:25)
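
The two posts above combined, as an added example that is not part of the original thread: a script that prints the port-80-only rule pair keyed on the client's MAC address instead of its IP. The function names `valid_mac` and `restrict_to_http` are hypothetical; the chain `grp_1` and the sample MAC come from the thread, and the script assumes `grp_1` is reached from the FORWARD chain.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, without applying them, the
# iptables commands that limit one client, identified by MAC address, to
# outbound TCP port 80.
# Assumption: the chain (default grp_1, as in the thread) is reached from
# FORWARD; the mac match only works in PREROUTING, INPUT and FORWARD.

# Return 0 if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule set for client MAC $1 in chain $2.
# Review the output, then pipe it to sh as root to apply it.
restrict_to_http() {
    mac=$1
    chain=${2:-grp_1}
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    # The output is meant to be fed to a shell, so refuse chain names
    # containing anything but letters, digits, '_' and '-'.
    case $chain in
        *[!A-Za-z0-9_-]*) echo "invalid chain: $chain" >&2; return 1 ;;
    esac
    mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
    # Delete one earlier copy of each rule so a re-run does not add duplicates.
    echo "iptables -D $chain -m mac --mac-source $mac -p tcp --dport 80 -j ACCEPT 2>/dev/null || true"
    echo "iptables -D $chain -m mac --mac-source $mac -j DROP 2>/dev/null || true"
    # Order matters: the ACCEPT has to be evaluated before the catch-all DROP.
    echo "iptables -A $chain -m mac --mac-source $mac -p tcp --dport 80 -j ACCEPT"
    echo "iptables -A $chain -m mac --mac-source $mac -j DROP"
}

# Example: sh thisfile.sh 00:aa:aa:77:88:99 grp_1
if [ "$#" -gt 0 ]; then
    restrict_to_http "$@"
fi
```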

Sonic wrote:

What happens if your neighbor changes his IP?
You can use MAC filtering with iptables using "ipt_mac" (insmod ipt_mac).

iptables -A ... -m mac --mac-source 00:aa:aa:77:88:99 -j DROP

PS: Yes, changing the MAC is possible too, but more "difficult" than changing the IP ...

Sounds good! I was thinking about this issue but didn't know the syntax for the MAC filtering.

Thanks!

The discussion might have continued from here.