iptables -A FORWARD -p TCP -i ${INSIDE_IP} --dport 27374 -j LOG
iptables -A FORWARD -p UDP -i ${INSIDE_IP} --dport 27374 -j LOG
iptables -A FORWARD -p TCP -i ${INSIDE_IP} --dport 27374 -j DROP
iptables -A FORWARD -p UDP -i ${INSIDE_IP} --dport 27374 -j DROP
There are better solutions for sure, but this one is simple and writes a log of every attempt to /var/log/syslog before dropping it.
However, I think you can't use IP addresses with -i. Use names (eth0, eth1) instead.
Pascal
On Mon, 19 Aug 2002 12:43:59 +1000, you wrote:
> Hi List,
>
> Just wondering if I can get confirmation on an iptables rule, I'm trying
> to drop all packets coming from my network that are destined for port
> 27374 on an outside network. This is what I have:
>
> iptables -A FORWARD -p TCP -i ${INSIDE_IP} --dport 27374 -j DROP
> iptables -A FORWARD -p UDP -i ${INSIDE_IP} --dport 27374 -j DROP
>
> This shows up when I do 'iptables -L' as I think it should, I'm just not
> sure if it's working correctly (trying to test it at the moment).
>
> Regards,
>
> Lucas
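The log-then-drop approach from the reply, written out with an interface name for `-i` and followed by a per-host summary of what the LOG rule records. This is an added example, not part of the original thread; the interface name `eth1`, the `DROP-<port>: ` log prefix and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). eth1, the log prefix and SAMPLE_LOG
# are assumptions; the log lines are constructed, not captured.

# Print log-then-drop rules for an inside interface *name*.
# -i matches an interface, so a value that looks like an IPv4 address is refused.
emit_rules() {
    inside_if=$1
    port=$2
    case $inside_if in
        ''|*[!A-Za-z0-9_.+-]*) echo "bad interface name: $inside_if" >&2; return 1 ;;
    esac
    if printf '%s\n' "$inside_if" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo "-i takes an interface name, not an address: $inside_if" >&2
        return 1
    fi
    for proto in tcp udp; do
        # LOG does not end rule traversal, so it has to precede the DROP.
        echo "iptables -A FORWARD -i $inside_if -p $proto --dport $port -j LOG --log-prefix \"DROP-$port: \""
        echo "iptables -A FORWARD -i $inside_if -p $proto --dport $port -j DROP"
    done
}

# Read syslog lines on stdin and print "source-address count" for every
# inside host whose packets hit the LOG rule for the given port.
summarize_hits() {
    port=$1
    grep "DROP-$port: " | grep -o 'SRC=[0-9.]*' | cut -d= -f2 |
        sort | uniq -c | awk '{print $2, $1}'
}

# Constructed sample of kernel LOG output as it would appear in syslog.
SAMPLE_LOG='Aug 19 12:50:01 fw kernel: DROP-27374: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4711 DF PROTO=TCP SPT=1045 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 19 12:50:04 fw kernel: DROP-27374: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4712 DF PROTO=TCP SPT=1045 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 19 12:51:10 fw kernel: OTHER: IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=901 DF PROTO=TCP SPT=2201 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 19 12:52:30 fw kernel: DROP-27374: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=1030 DPT=27374 LEN=28'

# Demo: show the rules (pipe to sh as root to apply) and the summary.
emit_rules eth1 27374
printf '%s\n' "$SAMPLE_LOG" | summarize_hits 27374
```

On a live firewall, feed `summarize_hits` from `/var/log/syslog` instead of the sample; inside hosts that show up repeatedly are the ones to inspect.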