martin f krafft wrote:
Uh, ANY always holds, so it does not matter if you leave out the destination address. FWIW, destination IPs *cannot* be spoofed. Also, I am not sure you understand iptables correctly. If you specify two criteria in a rule, then they both have to hold. If you want to implement OR, you need two rules.
What I was trying to do: if one criterion for ACCEPT could be met by an attacker by spoofing, the other would still hold and let the packet carry on down the chains to be rejected ;-)
setups in which a LAN and a gateway with just one NIC were sharing a
What's a gateway with just one NIC?
PPPoE (WAN) on ppp0 and TCP/IP (LAN) on eth0 - both on the same physical NIC. It's as bad as it gets, but if you have to make do with the hardware that's there... I do strongly recommend to those people to go and buy another NIC, which they never do - M$-users: as long as it works it can't be wrong ~:-/
regards Martin
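Added here as an illustration (it is not code from either mail): a small Python model of the iptables semantics discussed in the thread. Every criterion given on one rule must hold (AND), an OR needs a second rule, and a packet that matches nothing falls through to the chain policy. It also shows the spoofing point: the source address is set by the sender, but the interface the kernel received the packet on (`-i`) is a local fact, and with PPPoE the kernel sees ppp0 and eth0 as distinct interfaces even when they ride the same physical NIC. The `Rule`, `Packet`, `traverse` and `verdicts` names, the interface names, the addresses and the sample packets are all assumptions constructed for the example.

```python
"""Model of how iptables combines match criteria (added example, not real iptables)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    """The subset of packet attributes the rules below look at."""
    in_iface: str   # interface the kernel received the packet on: local fact, not spoofable
    src: str        # source address: chosen by the sender, spoofable
    dst: str        # destination address: must be ours for the packet to reach INPUT at all


@dataclass(frozen=True)
class Rule:
    """One iptables rule: every criterion given must hold (logical AND);
    a criterion left as None matches anything, like omitting -i/-s/-d."""
    target: str                     # ACCEPT, DROP or REJECT
    in_iface: Optional[str] = None  # -i
    src: Optional[str] = None       # -s, CIDR
    dst: Optional[str] = None       # -d, CIDR

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return True

    def as_iptables(self, chain: str = "INPUT") -> str:
        """Render the rule as the equivalent iptables command line."""
        parts = ["iptables", "-A", chain]
        if self.in_iface is not None:
            parts += ["-i", self.in_iface]
        if self.src is not None:
            parts += ["-s", self.src]
        if self.dst is not None:
            parts += ["-d", self.dst]
        parts += ["-j", self.target]
        return " ".join(parts)


def traverse(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule decides; a packet matching no rule falls through
    to the chain policy, i.e. it 'carries on down the chain' and is dropped here."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


LAN = "192.168.1.0/24"  # assumed LAN prefix

# Weak chain: trusts the (spoofable) source address alone.
WEAK_INPUT = [Rule("ACCEPT", src=LAN)]

# Hardened chain: LAN traffic must come from the LAN *and* arrive on eth0.
# Also accepting loopback is an OR, so it needs a second rule, not a second criterion.
HARDENED_INPUT = [
    Rule("ACCEPT", in_iface="lo"),
    Rule("ACCEPT", in_iface="eth0", src=LAN),
]

# Constructed sample packets (not captured traffic).
SAMPLE_PACKETS = {
    "lan": Packet(in_iface="eth0", src="192.168.1.10", dst="192.168.1.1"),
    # Attacker on the PPPoE side forging a LAN source address:
    "spoofed": Packet(in_iface="ppp0", src="192.168.1.10", dst="203.0.113.7"),
    "lo": Packet(in_iface="lo", src="127.0.0.1", dst="127.0.0.1"),
    # Unknown source address that did arrive on the LAN interface:
    "stranger": Packet(in_iface="eth0", src="10.0.0.5", dst="192.168.1.1"),
}


def verdicts(chain: List[Rule]) -> Dict[str, str]:
    """Run every sample packet through the chain and collect the verdicts."""
    return {name: traverse(chain, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for rule in HARDENED_INPUT:
        print(rule.as_iptables())
    print("weak:    ", verdicts(WEAK_INPUT))
    print("hardened:", verdicts(HARDENED_INPUT))
```

With the weak chain the spoofed packet is accepted; with the hardened chain the forged source address satisfies `-s` but the `-i eth0` criterion fails, so the packet matches neither rule and hits the DROP policy, which is exactly the fall-through behaviour the thread describes.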