How can i block access to the whole internet except for a specific IP and an URL?
I’ve tried with hosts.allow and hosts.deny files (which, from what i’ve read, are deprecated - which may explain why it didn’t work) and with Gufw (which was able to block everything but i was never able to allow those two exceptions)
is there a simple and easy way to do this quickly?
I think both… i want to block 2 users from acessing the internet (and whit that block them from downloading files, from accessing facebook, youtube and everything else) however i want them to be allowed to access an internal IP (our system) and one internet website. They also must be able to use the internal network!
Are you using an openSUSE box as a firewall/router through which all connections are made? Are the clients you wish to block from using the net using static IPs or do you want to blanket ban all external IPs from LAN -> WAN?
They have really easy explanation as to what they do and these could be placed in the startup files of openSUSE (for example /etc/init.d/boot.local or boot.after ) and can only be modified with sudo/root permissions.
The easiest method of course would be to have a dedicated firewall box/router that manages the network traffic. I find it curious that your existing one wouldn’t have firewall functionality that would allow you to block outgoing traffic.
I will try again - at least, as soon as i get back to the computer in question and after beeing able to get gufw working again (after i was only able to block all or unblock all - the app started to not run at all the few last times i tried it - after that i decided to remove gufw)
can you give me the steps to block all except on IP the field i need to config with which values?
On 03/05/2015 02:16 PM, Miuku wrote:
> What is your current setup like?
> Are you using an openSUSE box as a firewall/router through which all
> connections are made? Are the clients you wish to block from using the
> net using static IPs or do you want to blanket ban all external IPs from
> LAN -> WAN?
My cheap ISP provided DSL/router can do this. Have you looked at the
settings in your router?
Yes, that was my firt approach. Unfortunantely our not-so-cheap ISP provided router does not allow white/blacklisting sites. This would be the ideal solution because i could block it all in one place. But, beside providing internet and getting into our pockets, that router does not do anything else efficientely…
@Miuku - i’m not able to test anything today (or during the weekend) because i’m not in place. Next week i’ll drop a line about how it turned out
If you want something very non-technical for only a few machines you have local physical access, recommend you just Google “parental controls internet linux”
Note that typically any results from the above search requires you to “touch” every client machine. If you want to manage Internet access without touching boxes, then you need to install a “critical node” box (which can be a Linux box) inside of your ISP’s Internet Gateway device. You can then filter, manipulate, monitor and manage any traffic that passes through the box.
Patches come from the Update repos (two of them, one for OSS and one for non-OSS). And of course every other repo will be able to offer you updates of the packages you have from them. Thus there ae at least as many IP addresses involved as the number of Enabled repositories.
henk@boven:~> host 126.96.36.199
188.8.131.52.in-addr.arpa domain name pointer stage.opensuse.org.
On 03/13/2015 07:56 AM, hcvv wrote:
> SpeccyMan;2699493 Wrote:
>> Ok… I was able to get it working.
>> Now, i would like to know just one last thing: how do i allow system
>> Isn’t the 184.108.40.206 the IP for the updates?
> Patches come from the Update repos (two of them, one for OSS and one for
> non-OSS). And of course every other repo will be able to offer you
> updates of the packages you have from them. Thus there ae at least as
> many IP addresses involved as the number of Enabled repositories.
Shouldn’t this be:
There are at least as many ip address are there are mirrors for openSuSE.