
BLU Discuss list archive



Restrict OpenSuSE network traffic to a subnet



Forgot to CC BLU on this one.
-John



Dsr,
I want a SuSE machine to be restricted to a single IP subnet, say 
234.45.* for inbound and outbound, for all services.
I had a machine running a Wiki that had a nasty script put on it.
So I am going to rebuild the machine and change the Wiki to prevent this.
Before I do that, I want to play with the script and see what whoever 
put this script on had access to do.
While I am playing with it, I do not want the machine to be able to 
access anything outside this subnet (yes, I am assuming that the 
perpetrator does not have access to this subnet).
At first I wanted to limit traffic to/from a single machine for the 
testing but then I thought using a subnet would be nice so that I can 
scp data over to another machine before the rebuild without changing the 
settings again.

I started looking at the Yast firewall but I did not see any options for 
doing this.
Then I looked in /etc/sysconfig/scripts and tried changing the 
SuSEfirewall2-custom but that did not seem to work.
While I was looking at this, I also started wondering if there is an 
easier way, like with the routing tables or something.
I do not control the network, so I can't do anything with that.
Does this help?
-John


dsr at tao.merseine.nu wrote:
> On Mon, Dec 18, 2006 at 02:26:05PM -0500, John Westcott IV wrote:
>   
>> What is the easiest way in OpenSuSE 10 to limit network traffic to a 
>> single subnet?
>>     
>
> You're going to have to explain what you want.
>
> IP subnet or ethernet collision domain?
> Inbound or outbound or both?
> For a single service or for everything?
>
> Why do you think this is the right answer to your problem? What
> is your problem?
>
> -dsr-
>
>   
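
One way to get the containment described in the message above, as an added example that is not part of the original thread. It assumes plain iptables and iptables-restore on the host rather than SuSEfirewall2; the function name is hypothetical and 192.0.2.0/24 is a placeholder subnet.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that confines a host to one
# subnet, inbound and outbound, for all services.
# gen_subnet_only_rules is a hypothetical helper name; the CIDR is a placeholder.

gen_subnet_only_rules() {
    cidr="$1"
    # Accept only digits, dots and a single slash so nothing unexpected
    # ends up inside the generated ruleset.
    case "$cidr" in
        *[!0-9./]*|""|*/*/*) echo "invalid CIDR: $cidr" >&2; return 1 ;;
        */*) ;;
        *) echo "invalid CIDR: $cidr" >&2; return 1 ;;
    esac
    # Default policy is DROP on every chain; only loopback and the chosen
    # subnet are allowed. Outbound packets that fall through are logged
    # before the policy drops them, which shows what the script under
    # analysis tries to reach.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $cidr -j ACCEPT
-A OUTPUT -d $cidr -j ACCEPT
-A OUTPUT -j LOG --log-prefix "contain-drop-out: "
COMMIT
EOF
}

# Usage (as root): gen_subnet_only_rules 192.0.2.0/24 | iptables-restore
# IPv6 needs the same default-DROP policy loaded through ip6tables-restore.
```

Load the rules from the console, since any session from outside the subnet is cut off as soon as they apply. Blocked outbound attempts then show up in the kernel log with the contain-drop-out prefix.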





