Re: iptables-save/restore with dynamic IP
martin f krafft wrote:
Uh, ANY always holds, so it does not matter if you leave out the
destination address. FWIW, destination IPs *cannot* be spoofed.
Also, I am not sure you understand iptables correctly. If you
specify two criteria in a rule, then they both have to hold. If you
want to implement OR, you need two rules.
What I was trying to do: if one criterion for ACCEPT could be met by an
attacker by spoofing, the other would still hold and let the packet
carry on down the chains to be rejected ;-)
setups in which a LAN and a gateway with just one NIC were sharing a
What's a gateway with just one NIC?
PPPoE (WAN) on ppp0 and TCP/IP (LAN) on eth0 - both on the same physical
NIC. It's as bad as it gets but if you have to make do with the
hardware that's there... I do strongly recommend to those people to go
and buy another NIC which they never do - M$-users, as long as it works
it can't be wrong ~:-/
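
An added illustration, not part of either poster's message: a small Python model of the matching semantics discussed above (all criteria in one rule are ANDed, separate rules act as OR, first match wins), showing why binding the LAN source check to the incoming interface stops a spoofed source address arriving on ppp0. The rulesets, the 192.168.1.0/24 subnet, the sample packets and all function names are constructed for this example; only the `-A`, `-i`, `-s` and `-j` options are modelled.

```python
import ipaddress

# Constructed rulesets in iptables-save syntax. eth0 (LAN) and ppp0 (WAN)
# are the interfaces named in the thread; 192.168.1.0/24 is an assumed subnet.
SOURCE_ONLY = """\
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -j REJECT
"""
IFACE_AND_SOURCE = """\
-A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT
"""

def parse_rule(line):
    """Split one rule into {option: argument}; covers only -A, -i, -s, -j."""
    tokens = line.split()
    return dict(zip(tokens[::2], tokens[1::2]))

def matches(rule, packet):
    """Every criterion present in the rule must hold (logical AND)."""
    if "-i" in rule and rule["-i"] != packet["in_iface"]:
        return False
    if "-s" in rule:
        net = ipaddress.ip_network(rule["-s"])
        if ipaddress.ip_address(packet["src"]) not in net:
            return False
    return True

def verdict(ruleset, packet):
    """Walk the chain top down; the first matching rule decides (rules are OR)."""
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if matches(rule, packet):
            return rule["-j"]
    return "POLICY"  # no rule matched; the chain policy would apply

# Constructed packets: src is whatever the sender wrote into the header.
LAN_HOST = {"in_iface": "eth0", "src": "192.168.1.10"}
SPOOFED = {"in_iface": "ppp0", "src": "192.168.1.10"}
LOOPBACK = {"in_iface": "lo", "src": "127.0.0.1"}

if __name__ == "__main__":
    for name, rules in (("source only", SOURCE_ONLY), ("iface + source", IFACE_AND_SOURCE)):
        for label, pkt in (("lan", LAN_HOST), ("spoofed", SPOOFED), ("lo", LOOPBACK)):
            print(f"{name:15} {label:8} -> {verdict(rules, pkt)}")
```

Because neither ruleset names a destination address, the same file can be loaded with iptables-restore regardless of which address ppp0 currently holds.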