[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables-save/restore with dynamic IP

martin f krafft wrote:

Uh, ANY always holds, so it does not matter if you leave out the
destination address. FWIW, destination IPs *cannot* be spoofed.

Also, I am not sure you understand iptables correctly. If you
specify two criteria in a rule, then they both have to hold. If you
want to implement OR, you need two rules.

What I was trying to do: if one criterium for ACCEPT could be met by an attacker by spoofing, the other would still hold and let the packet carry on down the chains to be rejected ;-)

setups in which a LAN and a gateway with just one NIC were sharing a

What's a gateway with just one NIC?

PPPoE (WAN) on ppp0 and TCP/IP (LAN) on eth0 - both on the same physical NIC. It's as bad as it gets but if You have to make due with the hardware that's there... I do strongly recommend to those people to go and buy another NIC which they never do - M$-users, as long as it works it can't be wrong ~:-/



Reply to: