[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Blocking internet Access



Tim Grossner <tim@grossner.net> wrote:
> Its tricky, but I imagine you can do something with
> IPTables.

Shouldn't be tricky.  The gateway system blocks anything not
destined for a corporate network.  If the corporate network
is one contiguous block, then it's one line.  If it is
multiple, non-contiguous subnets, then it's several "ACCEPT"
lines for each, contiguous block, followed by a "DENY".

> Is the plant network on an individual or select
> group of subnets? If so, you could have a set of specific
> routes in the routing table, then do a static default route
> that goes to your loopback to blackhole any un-wanted
> outbound traffic.

That's what I always recommend when you are moving data
internally on a corporate network, use routes -- be they
static, or dynamic.  Work with your network administrators.



-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith@ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.