Re: [Lug-bg] iptables blocklist
- Subject: Re: [Lug-bg] iptables blocklist
- From: Vasil Kolev <vasil@xxxxxxxxxx>
- Date: Mon, 03 Sep 2007 12:00:48 +0300
В пн, 2007-09-03 в 11:35 +0300, Georgi Chorbadzhiyski написа:
> Around 09/03/07 11:23, boikov@xxxxxxxxx scribbled:
> > Hi,
> >
> > можеш да използваш и iproute2
> >
> > [root@masq-gw]# ip route add prohibit 209.10.26.51
> > [root@tristan]# ssh 209.10.26.51
> > ssh: connect to address 209.10.26.51 port 22: No route to host
> > [root@masq-gw]# tcpdump -nnq -i eth2
> > tcpdump: listening on eth2
> > 22:13:13.740406 192.168.99.35.51973 > 209.10.26.51.22: tcp 0 (DF)
> > 22:13:13.740714 192.168.99.254 > 192.168.99.35: icmp: host
> > 209.10.26.51 unreachable - admin prohibited filter [tos 0xc0]
> >
> > http://linux-ip.net/html/tools-ip-route.html
>
> Още по-готино, защото заема много по-малко ресурс от iptables
> решението.
>
А може просто да се сложи един squid като прозрачно proxy и да се
филтрира по име на domain-а в заявката, вместо да се ходи на по-ниските
слоеве на мрежовия модел, дето тия неща ги няма...
Attachment:
signature.asc
Description: =?UTF-8?Q?=D0=A2=D0=BE=D0=B2=D0=B0?= =?UTF-8?Q?_=D0=B5?= =?UTF-8?Q?_=D1=86=D0=B8=D1=84=D1=80=D0=BE=D0=B2=D0=BE?= =?UTF-8?Q?_=D0=BF=D0=BE=D0=B4=D0=BF=D0=B8=D1=81=D0=B0=D0=BD=D0=B0?= =?UTF-8?Q?_=D1=87=D0=B0=D1=81=D1=82?= =?UTF-8?Q?_=D0=BE=D1=82?= =?UTF-8?Q?_=D0=BF=D0=B8=D1=81=D0=BC=D0=BE=D1=82=D0=BE?=
_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
|