Eu usava este script de bloqueio, com o qual eu bloqueava o MSN e a internet de alguns micros. Ele funcionava perfeitamente no BFW 2.X, mas no 3.X não consegui fazê-lo funcionar. Já o coloquei como script de inicialização e não funcionou. Alguém sabe me dizer por quê, ou como posso fazê-lo funcionar?
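# Allow MSN Messenger for the listed LAN hosts, then drop it for everyone else.
#
# Each allowed host needs TWO rules: one matching it as source and one
# matching it as destination. The original list had the destination rules
# for 192.168.200.5 and 192.168.200.111 pointing at .123 and .253 instead,
# so traffic towards those two hosts fell through to the final DROP.
# Generating both rules from a single list keeps the pairs in sync.
#
# NOTE(review): "-m layer7 --l7proto" needs the l7-filter match in the kernel,
# the matching iptables extension and the msnmessenger pattern file. If any
# of these is missing on the target release, every rule in this section is
# rejected; the messages below make that visible in the boot log.
# NOTE(review): l7-filter classification is heuristic, so treat this as a
# policy aid, not a hard access control; MSN carried over another protocol
# will not match the pattern.
# NOTE(review): rules are appended (-A); running the script again without
# flushing the chain first duplicates them.
for msn_host in \
  192.168.200.3 \
  192.168.200.123 \
  192.168.200.5 \
  192.168.200.124 \
  192.168.200.125 \
  192.168.200.126 \
  192.168.200.200 \
  192.168.200.17 \
  192.168.200.201 \
  192.168.200.209 \
  192.168.200.253 \
  192.168.200.111
do
  # Traffic sent by the allowed host.
  iptables -t mangle -A POSTROUTING -s "$msn_host" -d 0/0 -m layer7 --l7proto msnmessenger -j ACCEPT \
    || echo "msn filter: could not add source rule for $msn_host" >&2
  # Traffic addressed to the allowed host.
  iptables -t mangle -A POSTROUTING -s 0/0 -d "$msn_host" -m layer7 --l7proto msnmessenger -j ACCEPT \
    || echo "msn filter: could not add destination rule for $msn_host" >&2
done

# Disabled port/hostname-based variant kept from the original script:
#iptables -A FORWARD -s 192.168.0.5 -p tcp --dport 1863 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.5 -d loginnet.passport.com -j ACCEPT
#iptables -A FORWARD -s 192.168.0.5 -d login.passport.net -j ACCEPT
#iptables -A FORWARD -s 192.168.0.5 -d rad.msn.com -j ACCEPT

# Block MSN for everyone else (must stay after the ACCEPT rules above).
# This rule uses the same layer7 match: if the match is unavailable it is
# rejected too, and MSN is then not blocked for anyone (fails open).
iptables -t mangle -A POSTROUTING -m layer7 --l7proto msnmessenger -j DROP \
  || echo "msn filter: could not add the catch-all DROP rule" >&2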
# Block web browsing only for the hosts below; per the original note, Outlook
# keeps working because only TCP port 80 is touched.
#
# Port-80 connections from each host are rewritten (DNAT) to 192.168.0.0,
# presumably an address nothing answers on - confirm for this network.
# NOTE(review): only --dport 80 is redirected, so HTTPS (443) and any proxy
# listening on another port are not covered by these rules.
for web_blocked_host in 192.168.200.204 192.168.200.30 192.168.200.202 192.168.200.14 192.168.200.250; do
  iptables -t nat -A PREROUTING -s "$web_blocked_host" -p tcp --dport 80 -j DNAT --to-destination 192.168.0.0
done