Hey Forum,
Struggling with an issue and looking for help. I run a RH7.3 box that serves as a firewall for a number of other computers on the inside. I used Bob Sully's firewall scripts and configuration ( Link: http://www.malibyte.net/iptables/scripts/fwscripts.html ). The firewall is great, fast, efficient, and easy to set up.
However, I have a need to block certain sites from my internal clients. I don't want to use a proxy, because the users have figured out how to get around it. What I would like to do is just have the firewall drop all connections to certain IPs.
The firewall scripts allow for this by having an iptables.banned file where you can list any IPs that you want dropped. Here is the excerpt from the code that works with the iptables.banned file:
#
# This chain drops connections from IPs in the firewall.banned file
#
iptables -N Banned
iptables -A Banned -p tcp -m limit --limit 1/s -j LOG --log-prefix "[TCP Banned] " --log-level=info
iptables -A Banned -p udp -m limit --limit 1/s -j LOG --log-prefix "[UDP Banned] " --log-level=info
iptables -A Banned -p icmp -m limit --limit 1/s -j LOG --log-prefix "[ICMP Banned] " --log-level=info
iptables -A Banned -f -m limit --limit 1/s -j LOG --log-prefix "[FRAG Banned] " --log-level=info
iptables -A Banned -j DROP
What I have found is that when I enter IPs in the .banned file, it works like a charm for the Firewall box ONLY. Any masqueraded computers on the inside can still connect without a problem.
Any ideas on what I can do to lock out the internal clients?
Thanks in advance.
-holio.
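Added example, not part of the post or of Bob Sully's scripts: the excerpt above only defines the Banned chain, and traffic from masqueraded clients crosses the FORWARD chain rather than INPUT, so the jump to Banned has to be present in FORWARD (matching the banned address as destination) for internal clients to be blocked. This script generates those iptables commands from a banned-list file; it assumes the Banned chain from the excerpt already exists and that the file holds one IP or CIDR per line with optional '#' comments (file format is an assumption).

```shell
#!/bin/sh
# Added example (not from the firewall scripts): emit iptables commands that send
# traffic to or from every address in a banned-list file through the Banned chain
# from INPUT, OUTPUT *and* FORWARD. Masqueraded clients' packets traverse FORWARD,
# so a jump placed only in INPUT never sees them.
# Assumed file format: one IP or CIDR per line, '#' comments and blank lines allowed.

# Print the four rules for one banned address. Argument: IP or CIDR.
rules_for_addr() {
    addr=$1
    # Internal clients reaching a banned site: forwarded traffic, match destination.
    echo "iptables -A FORWARD -d $addr -j Banned"
    # Anything the banned site sends back towards the inside.
    echo "iptables -A FORWARD -s $addr -j Banned"
    # The firewall box itself (what the original setup already covered).
    echo "iptables -A INPUT -s $addr -j Banned"
    echo "iptables -A OUTPUT -d $addr -j Banned"
}

# Read a banned-list file and emit every rule, skipping comments and blank lines.
# Argument: path to the banned file.
rules_from_file() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r addr _; do
        rules_for_addr "$addr"
    done
}

# Constructed sample banned file for demonstration (placeholder addresses).
sample_banned=$(mktemp)
cat > "$sample_banned" <<'EOF'
# constructed sample: one host and one range to block
203.0.113.10
198.51.100.0/24   # a whole range
EOF

# Print the commands; to apply them, run this script's output through sh as root.
rules_from_file "$sample_banned"
rm -f "$sample_banned"
```

Run the generated commands after the Banned chain has been created, and before any broad ACCEPT rules in FORWARD, so the jump is reached first.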