4

My network address is 192.168.5.0. My host machine is 192.168.5.1 and my client machine is 192.168.5.2. How will I enable my client to ping the internet through the terminal but restrict it from accesing port 80 or the browser? Below is my /etc/shorewall/policy file :

SOURCE    DEST    POLICY    LOGLEVEL   RATE    CONNLIMIT

loc       net     ACCEPT

net       all     DROP      info

/etc/shorewall/rules file:

DROP    loc    fw    tcp   80

/etc/shorewall/interfaces file :

net   eth0
loc   eth1

Host Interfaces:

eth0 - Connection to the internet
eth1 - Local Network Connection
fixer1234
  • 28,064
alyssaeliyah
  • 119

1 Answers1

1

Blocking the browser is different than blocking ports. You can't block applications with shorewall. You could uninstall browsers from the system.

If you just want to block webpage traffic You will need to block more than just port 80

?SECTION ALL
DROP    -    -    tcp   80,443,8080,8443,8008

NOTE: This will not stop crafy users who can configure a proxy or connect to other non-standard ports.

Ideally you would want to block all HTTP(s) traffic regardless of port. That could be done with a network security device that can handle protocol detection.

HackSlash
  • 5,015