[linux-network] squid file download permission

---------

From: Zafer BAHADIR (zbahadir@bursa-linux.org)
Date: Wed 30 Jul 2003 - 15:32:42 EEST

  • Next message: Devrim Sipahi: "[linux-network] Re: squid file download permission"

    Hi.
    I have blocked file downloads for all machines on the squid proxy network, but
    how can I give download permission to a few machines?
    squid and iptables are running on SuSE. Kernel 2.4.20.

    #this is where I blocked file downloads on squid.
    acl ISTENMEYEN urlpath_regex -i "/etc/squid/yasak_indirme"
    http_access deny all ISTENMEYEN

    iptables details
    ===================
    iptables -F
    modprobe ip_tables
    modprobe ip_conntrack
    #modprobe ip_conntrack_ftp
    modprobe iptable_nat
    insmod ip_nat_ftp
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.202.0:3128

    #block ping requests
    iptables -A INPUT -s 0/0 -p icmp -j DROP

    #SYN-flood protection
    iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

    #port scanner protection
    iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

    #ping of death
    iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

    #IP blocking
    #iptables -A INPUT -s 192.168.202.84 -j DROP # gr-1

    #blocking by MAC address...
    #iptables -I INPUT -m mac --mac-source 00:05:1c:09:ac:96 -j DROP #B gr-1

    #block telnet
    #iptables -A INPUT -s 0/0 -p tcp --destination-port 7070 -j DROP

    #napster
    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 41031:41900 -j REJECT

    #direct tv
    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 3334:3337 -j REJECT

    #media player
    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 1755 -j REJECT

    #real player
    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 554 -j REJECT

    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 7070 -j REJECT

    #audio galaxy
    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 6699:6700 -j REJECT

    #audio galaxy
    iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 1080 -j REJECT

    #block telnet to the IP...
    #--iptables -A INPUT -s 0/0 -p tcp --destination-port telnet -j DROP
    ==================

    -- 
    Slackware 9.0
    Zafer BAHADIR
    Bursa Hakimiyet Gazetesi
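
One way to exempt a few machines from the download ban asked about above, as an added example that is not part of the original post. The ACL names INDIREBILEN and YERELAG and the two client addresses are constructed placeholders, and the rule assumes Squid sees the real client addresses of the 192.168.202.0/24 LAN.

```conf
# Added example, not from the original post.
# INDIREBILEN ("may download"), YERELAG ("local network") and the
# addresses below are constructed placeholders.

# Before (as posted): the ban applies to every client.
#   acl ISTENMEYEN urlpath_regex -i "/etc/squid/yasak_indirme"
#   http_access deny all ISTENMEYEN

# After: same pattern file, but clients listed in INDIREBILEN are exempt.
acl ISTENMEYEN  urlpath_regex -i "/etc/squid/yasak_indirme"
acl INDIREBILEN src 192.168.202.10 192.168.202.11

# ACLs on one http_access line are ANDed: deny only when the URL path
# matches a banned pattern AND the client is NOT in INDIREBILEN.
http_access deny ISTENMEYEN !INDIREBILEN

# Remaining rules (assumed layout): LAN clients allowed, all else denied.
# "all" is assumed to be defined as in the stock squid.conf.
acl YERELAG src 192.168.202.0/24
http_access allow YERELAG
http_access deny all
```

http_access rules are evaluated top to bottom and the first match wins, so the deny line has to come before any broader allow. A `src` ACL trusts the client IP address, so the exemption is only as strong as the network's control over who can use those addresses.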
    

    ---------

    This archive was generated by hypermail 2.1.6.