From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1Eb90g-0001cF-Gi for garchives@archives.gentoo.org; Sun, 13 Nov 2005 03:58:30 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jAD3va1r013763; Sun, 13 Nov 2005 03:57:36 GMT Received: from Princeton.EDU (postoffice02.Princeton.EDU [128.112.130.38]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jAD3rn3o018206 for ; Sun, 13 Nov 2005 03:53:50 GMT Received: from smtpserver1.Princeton.EDU (smtpserver1.Princeton.EDU [128.112.129.65]) by Princeton.EDU (8.12.9/8.12.9) with ESMTP id jAD3rnrC001472 for ; Sat, 12 Nov 2005 22:53:49 -0500 (EST) Received: from sep.dynalias.net (fez.Princeton.EDU [128.112.129.190]) (authenticated bits=0) by smtpserver1.Princeton.EDU (8.12.9/8.12.9) with ESMTP id jAD3rmjJ020102 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for ; Sat, 12 Nov 2005 22:53:48 -0500 (EST) Received: by sep.dynalias.net (Postfix, from userid 1001) id 295664608C7; Sat, 12 Nov 2005 22:54:10 -0500 (EST) Date: Sat, 12 Nov 2005 22:54:10 -0500 From: Willie Wong To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: [Iptables related] How to make one machine only talk on loc lan Message-ID: <20051113035410.GA3537@princeton.edu> Mail-Followup-To: gentoo-user@lists.gentoo.org References: <871x1lsamp.fsf@newsguy.com> <200511121717.40496.john@jolet.net> <873bm1gyb5.fsf@newsguy.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <873bm1gyb5.fsf@newsguy.com> User-Agent: Mutt/1.5.8i X-Archives-Salt: 744fa8f9-6107-4560-a265-16e4f59a6473 X-Archives-Hash: 121d4f95426f367e49a760dd01ac39e2 On Sat, Nov 12, 2005 at 06:56:46PM -0600, Harry Putnam wrote: > Do you mean to bock every address on the internet? I'm not following > you hear. Further I don't see an option to block ip addresses in the > blocking section at all. Only by keywords. Yes, the netgear will do it. My crappy netgear router will, so your much higher end machines will too. > > Are we looking at the same router? > (here is it FVS318) > I see: > > # Security Logs > # Block Sites > # Block Service This is the one. Block service allow you to specify which LOCAL ip addresses you want to limit the service for. Just set up static ip for machines 3-5 (or DHCP with fixed ip addresses for those machines based on hardware address). Set the blocking schedule to always. For ALL services you find in the list, supply the ips for those three machines. W -- "The last time anybody made a list of the top hundred character attributes of New Yorkers, common sense snuck in at number 79. .... When it's fall in New York, the air smells as if someone's been frying goats in it, and if you are keen to breathe the best plan is to open a window and stick your head in a building." - Nuff said?? Sortir en Pantoufles: up 20:10 -- gentoo-user@gentoo.org mailing list