Re: iptables rule to block when DNAT is used
Hi
On Tuesday 08 April 2003 03:04, Hanasaki JiJi wrote:
> Firewall has rules to DNAT incoming traffic to a port on a DMZ box.
>
> how can an iptable rule be written to block some ip addresses before
> they get to the rules
> iptables -t mangle -A FORWARD
> AND
> iptables -t nat -A PREROUTING
> ???
PREROUTING must be, and only can be, filtered in the FORWARD hook.
Best Regards
Victor
--
April
One of the worst months for dragging the world into absurd wars
The other months of the same kind are: January, February, March, May, June,
July, August, September, October, November and December.
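The layout the reply describes, as an added example that is not part of the original thread: DNAT stays in nat PREROUTING and the per-source blocks go in filter FORWARD ahead of the rule that admits the forwarded port. The interface name, addresses, ports and the helper names `is_ipv4` and `build_ruleset` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never touches the live firewall.
# Interface, addresses and ports below are constructed sample values (assumptions).
WAN_IF="eth0"            # external interface
DMZ_HOST="192.168.10.5"  # DMZ server behind the firewall
PUB_PORT=80              # port exposed on the firewall
DMZ_PORT=8080            # port the DMZ server listens on

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the ruleset; the arguments are the source addresses to block.
build_ruleset() {
    for src in "$@"; do
        is_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo "-A PREROUTING -i $WAN_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $DMZ_HOST:$DMZ_PORT"
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    # Drops go first: FORWARD is walked in order and the first matching rule decides.
    for src in "$@"; do
        echo "-A FORWARD -i $WAN_IF -s $src -j DROP"
    done
    # FORWARD runs after DNAT, so it sees the DMZ address and port, not the public ones.
    echo "-A FORWARD -i $WAN_IF -p tcp -d $DMZ_HOST --dport $DMZ_PORT -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "COMMIT"
}

# Constructed sample block list (documentation address ranges).
build_ruleset 203.0.113.7 198.51.100.23
```

Piping the output into `iptables-restore` as root loads it; without `--noflush` that replaces the existing nat and filter rules.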