From: Devrim Sipahi (devrimlinux@yahoo.com)
Date: Wed 30 Jul 2003 - 15:40:51 EEST
Hello,
You can do it by adding the following lines.
acl MUAF src "file containing the IP addresses"
http_access deny ISTENMEYEN !MUAF
Good luck
Devrim
--- Zafer BAHADIR <zbahadir@bursa-linux.org> wrote:
> Hi.
> I have blocked file downloads for all the machines on the squid proxy
> network, but how can I give a few machines permission to download
> files?
> squid and iptables are running on SuSE. Kernel 2.4.20.
>
> #this is where I blocked file downloads on squid.
> acl ISTENMEYEN urlpath_regex -i "/etc/squid/yasak_indirme"
> http_access deny all ISTENMEYEN
>
>
> iptables details
> ===================
> iptables -F
> modprobe ip_tables
> modprobe ip_conntrack
> #modprobe ip_conntrack_ftp
> modprobe iptable_nat
> insmod ip_nat_ftp
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.202.0:3128
>
> #block ping requests
> iptables -A INPUT -s 0/0 -p icmp -j DROP
>
> #Syn-flood protection
> iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
>
> #Port scanner protection
> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
>
> #ping of death
> iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
> #ip blocking
> #iptables -A INPUT -s 192.168.202.84 -j DROP # gr-1
>
> #ip blocking by MAC address...
> #iptables -I INPUT -m mac --mac-source 00:05:1c:09:ac:96 -j DROP #B gr-1
>
> #telnet blocking
> #iptables -A INPUT -s 0/0 -p tcp --destination-port 7070 -j DROP
>
> #napster
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 41031:41900 -j REJECT
>
> #direct tv
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 3334:3337 -j REJECT
>
> #media player
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 1755 -j REJECT
>
> #real player
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 554 -j REJECT
>
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 7070 -j REJECT
>
> #audio galaxy
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 6699:6700 -j REJECT
>
> #audio galaxy
> iptables -A FORWARD -s 0/0 -d ! 192.168.202.202/24 -p tcp --dport 1080 -j REJECT
>
> #blocking telnet to the ip...
> #--iptables -A INPUT -s 0/0 -p tcp --destination-port telnet -j DROP
> ==================
>
> --
> Slackware 9.0
> Zafer BAHADIR
> Bursa Hakimiyet Gazetesi
>
>
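
Added example, not part of the original messages: a squid.conf fragment that puts the reply's two lines together with the ACL from the quoted question and shows where they must sit relative to the other http_access rules. The path /etc/squid/muaf_ipler, the sample addresses and the YEREL_AG ACL are assumptions made for illustration.

```squidconf
# Added example; not from the original thread.
# Squid checks http_access lines top to bottom and stops at the first match.
# All ACLs named on one line must match together (logical AND); "!" negates.

# From the question: URL path patterns for the downloads to block,
# one case-insensitive regex per line in the file (e.g. \.exe$ ; constructed).
acl ISTENMEYEN urlpath_regex -i "/etc/squid/yasak_indirme"

# From the reply: client addresses that may still download.
# /etc/squid/muaf_ipler is an assumed path; one address per line, e.g.
#   192.168.202.10      (constructed sample)
#   192.168.202.11      (constructed sample)
acl MUAF src "/etc/squid/muaf_ipler"

# Assumed ACL for the LAN behind the proxy (subnet as used in the iptables rules).
acl YEREL_AG src 192.168.202.0/24

# Before (from the question): matches every client, so it has to go.
# If it stays above the next rule, exempt hosts hit this deny first.
#http_access deny all ISTENMEYEN

# After (from the reply): deny a download only when the client is NOT in MUAF.
http_access deny ISTENMEYEN !MUAF

# The deny must come before the general allow, otherwise the allow matches first.
# "all" is the catch-all ACL from the default squid.conf.
http_access allow YEREL_AG
http_access deny all
```

Apply the change with `squid -k reconfigure`; requests refused by the deny rule are logged with TCP_DENIED in access.log, which shows whether a given client was treated as exempt.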