Summary: extending ipmasq?
I queried:
> I'm using the default setup of potato's ipmasq package between
> my public eth0 and private eth1 interfaces. How to change it
> to deny a public service to an unfriendly network?
Starting off with /etc/ipmasq/rules/I90external.def, copying it to
I90external.rul, and inserting:
$IPCHAINS -A input -j DENY -i $i -d $IPOFIF/32 \
-p tcp -s 62.59.0.0/16 --destination-port 53
between:
ipchains)
$IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32
seems to work -- dropping only the unwanted connections. So I've added a
"-p udp" rule, too.
Tod
abl.com
Reply to: