
Re: iptables rule to block when DNAT is used




Hi
On Tuesday 08 April 2003 03:04, Hanasaki JiJi wrote:
> Firewall has rules to DNAT incoming traffic to a port on a DMZ box.
>
> How can an iptables rule be written to block some IP addresses before
> they get to the rules
> 	iptables -t mangle -A FORWARD
> 		AND
> 	iptables -t nat -A PREROUTING
> ???

PREROUTING must be, and only can be, filtered in the FORWARD hook.

Best Regards
Victor



-- 
April
One of the worst months to go dragging the world into absurd wars
The rest of the months of the same kind are: January, February, March, May, June,
July, August, September, October, November and December.
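Added example, not part of the original message: a shell function that prints an iptables-restore ruleset with the source blocks placed in the filter table's FORWARD chain, as the reply advises. The interface name, addresses, ports, default-DROP policy and the `gen_rules` helper are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never touches the live firewall.
# Interface, addresses, ports and the default-DROP policy are constructed assumptions.
WAN_IF=eth0              # assumed external interface
DMZ_HOST=192.168.10.5    # assumed DMZ box (destination after DNAT)
PUB_PORT=80              # assumed port exposed on the firewall
DMZ_PORT=8080            # assumed port the DMZ box listens on

# gen_rules SRC...  prints the ruleset, one DROP per blocked source (IPv4 or CIDR)
gen_rules() {
    for src in "$@"; do
        case $src in
            ''|*[!0-9./]*) echo "bad source: $src" >&2; return 2 ;;  # keep junk out of the ruleset
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $DMZ_HOST:$DMZ_PORT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
EOF
    # DNAT rewrites only the destination, so FORWARD still sees the client's
    # real source address. Drops go first so they also cut tracked connections.
    for src in "$@"; do
        echo "-A FORWARD -i $WAN_IF -s $src -j DROP"
    done
    # The ACCEPT below matches the post-DNAT address and port, not the public ones.
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -p tcp -d $DMZ_HOST --dport $DMZ_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample blocklist (documentation address ranges).
gen_rules 203.0.113.7 198.51.100.0/24
```

The output can be piped to `iptables-restore --test` to check the syntax without loading the rules.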


