wilterp
(uses Linux Mint)
Posted on 17/01/2007 - 13:45h
Friend, here at the company I only managed to block it with iptables, but it worked well. I'll send the complete lines from the server; I'll post my entire /etc/rc.d/rc.local, OK:
touch /var/lock/subsys/local
# Enable IPv4 forwarding so this host can route for the LAN
echo 1 >/proc/sys/net/ipv4/ip_forward
# Redirect web traffic arriving on ethx to the proxy listening on port 3128
/sbin/iptables -t nat -A PREROUTING -i ethx -p tcp --dport 80 -j REDIRECT --to-port 3128
/sbin/iptables -t nat -A PREROUTING -i ethx -p tcp --dport 8080 -j REDIRECT --to-port 3128
#/sbin/iptables -t filter -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j DROP
# NAT everything leaving through ethx
/sbin/iptables -t nat -A POSTROUTING -o ethx -j MASQUERADE
# Accept traffic from the 192.168.0.0/24 LAN
/sbin/iptables -t filter -A INPUT -s 192.168.0.0/24 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -s 192.168.0.0/24 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p icmp -s 192.168.0.0/24 -d 0/0 -j ACCEPT
# Drop HTTPS (tcp/443) to Orkut; the hostname is resolved once, when the rule is loaded
/sbin/iptables -t filter -A FORWARD -d www.orkut.com -p tcp --dport 443 -j DROP
/sbin/iptables -t filter -A INPUT -d www.orkut.com -p tcp --dport 443 -j DROP
/sbin/iptables -t filter -A FORWARD -d orkut.com -p tcp --dport 443 -j DROP
/sbin/iptables -t filter -A INPUT -d orkut.com -p tcp --dport 443 -j DROP
/sbin/iptables -t filter -A OUTPUT -d www.orkut.com -p tcp --dport 443 -j DROP
#/sbin/iptables -t filter -A INPUT -d 207.46.1.0/24 -j DROP
#/sbin/iptables -t filter -A FORWARD -d 207.46.1.0/24 -j DROP
#/sbin/iptables -t filter -A OUTPUT -d 207.46.1.0/24 -j DROP
#/sbin/iptables -t filter -A FORWARD -d 192.168.0.2/24 -d loginnet.passport.com -j DROP
I did it this way, but it didn't work: when loading iptables I get the following message: "invalid mask". I tested on the following distributions: Debian, Conectiva, Suse, Slackware. Which version of iptables did you use?
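One way to find which line of an rc.local-style rule file carries a malformed `-s`/`-d` argument before loading it, as an added example that is not part of either post above. The helper names and the sample rules are constructed for illustration, and the check covers only IPv4 masks (prefix length 0-32 or dotted-quad netmask).

```shell
#!/bin/sh
# Added example; check_mask, lint_rules and sample_rules are hypothetical names.
# Succeed when $1 is an IPv4 prefix length (0-32) or a dotted-quad netmask.
check_mask() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) exit 1 ;;   # junk, or more than four octets
        *.*.*.*)
            IFS=.
            for o in $1; do
                [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
            done ;;
        *.*) exit 1 ;;                                  # too few octets
        *) [ "${#1}" -le 2 ] && [ "$1" -le 32 ] ;;
    esac
)

# Read rule lines on stdin; print one finding per bad -s/-d argument.
lint_rules() (
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        set -f; set -- $line; set +f                    # split into words, no globbing
        case ${1-} in ''|'#'*) continue ;; esac         # skip blanks and commented-out rules
        prev=
        for w in "$@"; do
            case $prev in -s|-d)
                case $w in
                    -*)  echo "line $n: $prev has no address" ;;
                    */*) check_mask "${w#*/}" || echo "line $n: invalid mask in $w" ;;
                esac ;;
            esac
            prev=$w
        done
        case $prev in -s|-d) echo "line $n: $prev has no address" ;; esac
    done
)

# Constructed sample rules, not the poster's file (192.0.2.0/24 is a documentation range).
sample_rules() {
    cat <<'EOF'
/sbin/iptables -t filter -A INPUT -s 192.168.0.0/24 -d 0/0 -j ACCEPT
#/sbin/iptables -t filter -A FORWARD -d 192.0.2.0/99 -j DROP
/sbin/iptables -t filter -A FORWARD -s 192.168.0.0/33 -j DROP
/sbin/iptables -t filter -A FORWARD -d
/sbin/iptables -t filter -A OUTPUT -d 192.0.2.0/255.255.255.0 -j DROP
/sbin/iptables -t filter -A OUTPUT -d 192.0.2.0/24x -j DROP
EOF
}
sample_rules | lint_rules
```

To check a real file, feed it on standard input: `lint_rules < /etc/rc.d/rc.local`.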