[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables-save/restore with dynamic IP

also sprach Martin G.H. Minkler <dukeofnukem@gmx.net> [2004.10.21.1532 +0200]:
> The basic idea was to double-latch things, if one criterium could
> be spoofed the other would still hold.

Uh, ANY always holds, so it does not matter if you leave out the
destination address. FWIW, destination IPs *cannot* be spoofed.

Also, I am not sure you understand iptables correctly. If you
specify two criteria in a rule, then they both have to hold. If you
want to implement OR, you need two rules.

> setups in which a LAN and a gateway with just one NIC were sharing a 

What's a gateway with just one NIC?

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: