[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blocking internet Access

To: luci-discuss@luci.org
Subject: Re: Blocking internet Access
From: "Bryan J. Smith" <b.j.smith@ieee.org>
Date: Tue, 20 Sep 2005 18:35:56 -0700 (PDT)
In-Reply-To: <18992885.1127266113444.JavaMail.root@asandir.grossner.net>
Organization: Linux Users of Central Illinois
Reply-To: b.j.smith@ieee.org
Sender: luci-discuss-owner@luci.org

Tim Grossner <tim@grossner.net> wrote:
> Its tricky, but I imagine you can do something with
> IPTables.

Shouldn't be tricky.  The gateway system blocks anything not
destined for a corporate network.  If the corporate network
is one contiguous block, then it's one line.  If it is
multiple, non-contiguous subnets, then it's several "ACCEPT"
lines for each, contiguous block, followed by a "DENY".

> Is the plant network on an individual or select
> group of subnets? If so, you could have a set of specific
> routes in the routing table, then do a static default route
> that goes to your loopback to blackhole any un-wanted
> outbound traffic.

That's what I always recommend when you are moving data
internally on a corporate network, use routes -- be they
static, or dynamic.  Work with your network administrators.

-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith@ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

References:
- Re: Blocking internet Access
  - From: Tim Grossner <tim@grossner.net>

Prev by Date: Re: Blocking internet Access
Next by Date: Airo 350 woes
Prev by thread: Re: Blocking internet Access
Next by thread: Concernng the last meeting
Index(es):
- Date
- Thread