Restriction on Bubba2

adoup
Posts: 1
Joined: 28 Jul 2011, 10:34

Post by adoup » 28 Jul 2011, 10:38

Hi,
I'm looking for a way to manage my users individually. I'd like to block a single user or IP from inside my network,
i.e. block them from going to the internet.

Thanks!

Arno

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Restriction on Bubba2

Post by Ubi » 28 Jul 2011, 15:18

You cannot block a single user, but you can block an IP address from going to outside.

Code:

# Routed LAN-to-internet traffic traverses the FORWARD chain
iptables -A FORWARD -s 192.168.0.X ! -d 192.168.0.0/24 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j REJECT

would block www access of IP 192.168.0.X via the router, except for local traffic. At least that's what I think. There are a lot of iptables howtos on the web.

Entering this line is not persistent; it goes away upon reboot (so if you kill all network access, simply reboot). To make it permanent, add the line to /etc/rc.local.

ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: Restriction on Bubba2

Post by ryz » 29 Jul 2011, 08:03

Since Bubba by default saves all iptables rules on shutdown, I do believe that the settings will be persistent.

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Restriction on Bubba2

Post by Ubi » 29 Jul 2011, 15:58

Blummin flip, you're right! Not a very wise design decision in my opinion. But anyway, in case you get locked out by your own iptables mistake, I suppose you just need to yank the power cable and give it a hard down. This way it doesn't get the chance to run the iptables script.

Alternatively, you can edit /etc/init.d/bubba-firewall and comment out the line that says iptables-save, until you're sure it works.

Alternatively again, you can set a cron job that runs "/etc/init.d/bubba-firewall stop" every hour. That means you get locked out max 1 hour.
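
An added example, not part of the original posts and not Bubba's own tooling: a small wrapper for the rule discussed in this thread that validates the address before it reaches iptables and removes the rule again after a timeout, so a mistaken rule cannot lock you out or be saved at shutdown. The names `DRY_RUN`, `ROLLBACK_SECS` and the functions are chosen here; the FORWARD chain and the 192.168.0.0/24 LAN are assumptions.

```shell
#!/bin/sh
# Added example: block one LAN host's web access, with automatic rollback.
# Assumptions: LAN is 192.168.0.0/24; DRY_RUN and ROLLBACK_SECS are names chosen here.
LAN_NET="192.168.0.0/24"
LAN_PREFIX="192.168.0."
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print the iptables command
ROLLBACK_SECS="${ROLLBACK_SECS:-300}" # rule is removed after this many seconds

# Accept only 192.168.0.1 .. 192.168.0.254, written without leading zeros.
valid_lan_ip() {
    case "$1" in
        "$LAN_PREFIX"*) last="${1#"$LAN_PREFIX"}" ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Rule specification shared by the add (-A) and delete (-D) commands.
rule_spec() {
    echo "FORWARD -s $1 ! -d $LAN_NET -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 80 -j REJECT"
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

block_host() {
    valid_lan_ip "$1" || { echo "refusing: $1 is not a host in $LAN_NET" >&2; return 2; }
    spec=$(rule_spec "$1")
    run -A $spec || return 1          # word splitting of $spec is intended
    # Safety net: delete the rule after the timeout unless the timer is killed,
    # so a bad rule is gone before a shutdown could save it.
    if [ "$DRY_RUN" != 1 ]; then
        ( sleep "$ROLLBACK_SECS"; iptables -D $spec ) &
        echo "rule active; kill $! within ${ROLLBACK_SECS}s to keep it"
    fi
}

if [ "$#" -gt 0 ]; then block_host "$1"; fi
```

Run it with `DRY_RUN=0` as root to apply the rule for real; killing the printed background PID once the rule is confirmed to work makes it stay.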
