Re: [fw-wiz] ip range with iptables

From: Magosányi Árpád (mag@bunuel.tii.matav.hu)
Date: 04/19/03

    To: "Wijaya, J." <wijayaj@gmx.net>
    From: mag@bunuel.tii.matav.hu (Magosányi Árpád)
    Date: Sat, 19 Apr 2003 13:23:37 +0000
    

    My mail client believes that Wijaya, J. wrote the following:
    > I am trying to block yahoo messenger for my LAN, but only on a certain IP
    > range; how can I do this? I already read some articles that we can't do
    > this with iptables, but is there any other way to work around this task??

    I ran into this problem just two days ago. József Kadlecsik made some
    vague promise-like statements on the phone about writing a match for the
    IP range case.
    Until then, I wrote some code to break a range into multiple proper subnets.
    You can find the relevant Python code attached.
    This code is a snippet from a larger project which is not yet ready
    for release (a new decision layer for Zorp, which is multilevel secure,
    can handle data paths through multiple firewalls, with intelligent
    en- and decapsulation, and hides the technicalities from the firewall
    admin). What you should know to reuse this code is that an
    InetBrick represents an IP and port range ((minip,maxip),(minport,maxport)),
    and that this information is in the brick's "dim" attribute.

    I will release the whole thing (GPLed, of course) as soon as it is
    able to pass a plug through. I hope it will be within the next week.

    -- 
    GNU GPL: only from a pure source
    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
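
The attachment mentioned in the message is not part of this archive page. The following is an added example, not the author's code: one way to break an inclusive IP range into proper subnets and emit one iptables rule per subnet. The function names, the `dim`-style tuple argument, the sample addresses and the port 5050 are assumptions made for the illustration.

```python
import ipaddress


def range_to_cidrs(min_ip, max_ip):
    """Split the inclusive IPv4 range [min_ip, max_ip] into the fewest CIDR blocks."""
    lo = int(ipaddress.IPv4Address(min_ip))
    hi = int(ipaddress.IPv4Address(max_ip))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block starting at lo must be aligned: its size is capped by
        # the number of trailing zero bits in lo (32 when lo is 0.0.0.0).
        align_bits = (lo & -lo).bit_length() - 1 if lo else 32
        # The block must also fit inside what is left of the range.
        fit_bits = (hi - lo + 1).bit_length() - 1
        host_bits = min(align_bits, fit_bits)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{32 - host_bits}")
        lo += 1 << host_bits
    return blocks


def drop_rules(dim, chain="FORWARD"):
    """Render DROP rules for dim = ((minip, maxip), (minport, maxport)).

    The tuple layout follows the description in the message; the rule
    shape (source match, TCP destination port) is an assumption.
    """
    (min_ip, max_ip), (min_port, max_port) = dim
    if not 0 < min_port <= max_port <= 65535:
        raise ValueError("invalid port range")
    # iptables accepts a single port or a min:max range for --dport.
    ports = str(min_port) if min_port == max_port else f"{min_port}:{max_port}"
    return [
        f"iptables -A {chain} -s {cidr} -p tcp --dport {ports} -j DROP"
        for cidr in range_to_cidrs(min_ip, max_ip)
    ]


if __name__ == "__main__":
    # Constructed sample: LAN hosts .10 through .50, one TCP port.
    for rule in drop_rules((("192.168.1.10", "192.168.1.50"), (5050, 5050))):
        print(rule)
```

A range that does not fall on subnet boundaries expands into several rules (six for the sample above), so review the generated list before loading it.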


