Control DropBox access with iptables « Ciuly's Blog

Control DropBox access with iptables

I have a few VMs on my network which do not require internet access. However I received a requirement to allow dropbox on them.
My iptables rules are configured to either allow full internet, or one at all.
So After some poking around, I managed to set up forward rules so that specific VMs get dropbox. from here: http://superuser.com/a/1056155/70234
a basic iptables for this scneario looks like this:
*filter :partinet - [0:0] :dropbox - [0:0] -A partinet -p icmp -j ACCEPT


-A dropbox -p tcp -d 162.125.32.129 -j ACCEPT

-A dropbox -p tcp -s 162.125.32.129 -j ACCEPT

-A dropbox -p tcp -d 162.125.17.131 -j ACCEPT

-A dropbox -p tcp -s 162.125.17.131 -j ACCEPT
-A FORWARD -s 192.168.1.x -j partinet

-A FORWARD -d 192.168.1.x -j partinet

-A FORWARD -s 192.168.1.x -j dropbox

-A FORWARD -d 192.168.1.x -j dropbox

COMMIT

and in order to properly support all/most dropbox IPs, I found this blog: https://blog.varonis.com/detect-dropbox-network/ which pointed me to http://whois.arin.net/rest/org/DROPB/nets
so I computed the following iptables rules for my dropbox chain (the list needs to be maintained, of course. I may or may not write a script to automate the creation of these rules based on the arin.net page):
-A dropbox -i eth1 -o eth0 -p tcp -d 162.125.0.0/16 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 162.125.0.0/16 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 199.47.216.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 162.47.216.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 199.47.217.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 162.47.217.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 199.47.218.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 162.47.218.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 199.47.219.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 162.47.219.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.160.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.160.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.161.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.161.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.162.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.162.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.163.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.163.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.164.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.164.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.165.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.165.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.166.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.166.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.167.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.167.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.168.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.168.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.169.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.169.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.170.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.170.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.171.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.171.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.172.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.172.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.173.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.173.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.174.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.174.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 108.160.175.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 108.160.175.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 205.189.0.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 205.189.0.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 209.99.70.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 209.99.70.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.64.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.64.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.65.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.65.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.66.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.66.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.67.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.67.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.68.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.68.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.69.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.69.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.70.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.70.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.71.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.71.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.72.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.72.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.73.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.73.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.74.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.74.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.75.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.75.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.76.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.76.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.77.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.77.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.78.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.78.0/24 -j ACCEPT -A dropbox -i eth1 -o eth0 -p tcp -d 45.58.79.0/24 -j ACCEPT -A dropbox -i eth0 -o eth1 -p tcp -s 45.53.79.0/24 -j ACCEPT

Bookmark It

Hide Sites

Tags: iptables

This entry was posted on Thursday, March 24th, 2016 at 5:25 pm and is filed under Internet, Linux-Administration, my server. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Ciuly's Blog – Reinventing the wheel

Control DropBox access with iptables

Related posts

Leave a Reply