friends + proxy + iptables

Discussion in 'Tomato Firmware' started by edylie, Aug 11, 2008.

    I am letting my friends access my srelay proxy, but I do not wish them to use it for BitTorrent or to access certain destination IPs.

    I.e., let's say I wanna allow my friends to access ports 80 and 53 when connecting to srelay ...

    Has anyone built similar iptables rules before?
    This is what I have gotten so far and it works :)

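    # Default policy: drop anything not explicitly accepted
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP

    # Inbound: replies to tracked connections, plus loopback
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT

    # Outbound: replies to tracked connections, plus loopback
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # New outbound TCP connections only to ports 80, 443 and 53
    iptables -A OUTPUT -p TCP -m multiport --dports 80,443,53 -m state --state NEW -j ACCEPT

    # New outbound DNS queries over UDP
    iptables -A OUTPUT -p UDP --dport 53 -m state --state NEW -j ACCEPT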
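
The post's stated goal also includes refusing certain destination IPs, which the rules above do not yet cover. As an added example (not part of the original post), this script prints an OUTPUT rule set with a destination blocklist placed ahead of the accept rules; the blocked addresses are constructed documentation ranges and `build_output_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print (not apply) an OUTPUT rule set like the one in the post,
# extended with a destination blocklist. The addresses below are constructed
# documentation ranges, not values from the thread.

BLOCKED_DSTS="203.0.113.0/24 198.51.100.7"   # hypothetical destinations to refuse
TCP_PORTS="80,443,53"                        # ports used in the post
UDP_PORTS="53"

build_output_rules() {
    blocked=$1; tcp_ports=$2; udp_ports=$3

    echo "iptables -P OUTPUT DROP"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # The blocklist goes first: iptables stops at the first matching rule, so
    # a DROP appended after an ACCEPT for the same packet never fires. Placing
    # it ahead of the ESTABLISHED rule also cuts flows that are already open
    # to a newly blocked address.
    for dst in $blocked; do
        case $dst in
            *[!0-9./]*)
                # Only digits, dots and a prefix slash are allowed through
                echo "skipping invalid destination: $dst" >&2
                continue ;;
        esac
        echo "iptables -A OUTPUT -d $dst -j DROP"
    done

    echo "iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp -m multiport --dports $tcp_ports -m state --state NEW -j ACCEPT"
    echo "iptables -A OUTPUT -p udp -m multiport --dports $udp_ports -m state --state NEW -j ACCEPT"
}

# Review the generated commands first; pipe them to sh as root to apply.
build_output_rules "$BLOCKED_DSTS" "$TCP_PORTS" "$UDP_PORTS"
```

These OUTPUT rules apply to every process on the host, not only srelay, and the port match restricts destination ports rather than identifying the protocol in use.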

