[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables and INVALID packet filtering.

Hi David.

Should be fine? So, you are not 100 percent sure? Okay, just
kidding (but who knows?) ;-)

Listen David, I have one more question regarding to antispoof.
As we know, typical rule can look, more or less, this way;

> iptables -A INPUT -s -j DROP etc.

But recently I came across on pretty strange rule also for
antispoof. This rule, concerns 'nat' table and PREROUTING chain;

> iptables -t nat -I PREROUTING 1 -i xx -s -j DROP

So, what do you think? Using PREROUTING chain is good for
antispoof or it is better to use rule mentioned above (INPUT chain)?

Reply to: