At 10.12.2001, mdevin wrote:
> On Mon, Dec 10, 2001 at 09:31:09AM +0200, Berend De Schouwer wrote:
[...]
> > I'm not the original author, but I use ! <interface> too.
> >
> > Using ! <destination> would break ip forwarding. If your box is a
> > gateway/router/firewall, it will drop all packets not destined for
> > 192.168.0.1 (itself).

Exactly ;-)

> OK, I see the problem. However, I think this only applies to ipchains
> where forwarded packets traverse the input and output chains.

I am not very experienced with iptables, but I don't know why you say something about forward chains and masq?

> Sorry, I was transposing my thoughts into ipchains rules. Actually my
> firewall is iptables based. In iptables, packets that are being
> masqueraded traverse only the FORWARD chain and not the INPUT or OUTPUT
> chains. Thus if the rule was:
> iptables -A INPUT -i eth0 ! -d 192.168.0.1 -j DROP
> this should be OK I guess. Since packets on the INPUT are destined only
> to localhost.

Packets coming in on the external interface from an IP address in this external network will be masqueraded? I think they will not!

Regards,
Guido
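The chain-traversal difference discussed in this thread, as an added example that is not part of the original messages: a small Python model of which filter chains an inbound packet passes through under ipchains and under iptables, and what the quoted rule does when attached to the input/INPUT chain. The second firewall address 10.0.0.1, the inside host 10.0.0.5 and the default ACCEPT policy are assumptions; NAT/masquerading, broadcast and multicast are not modelled.

```python
from dataclasses import dataclass

# Addresses owned by the firewall. 192.168.0.1 is from the thread (assumed
# to sit on eth0); 10.0.0.1 on a second interface is a constructed value.
LOCAL_ADDRS = {"192.168.0.1", "10.0.0.1"}

@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str

def filter_chains(pkt, stack):
    """Filter chains an inbound packet traverses, in order."""
    local = pkt.dst in LOCAL_ADDRS
    if stack == "ipchains":
        # Linux 2.2: every inbound packet hits input first; forwarded
        # packets then continue through forward and output.
        return ["input"] if local else ["input", "forward", "output"]
    if stack == "iptables":
        # Linux 2.4 netfilter: the routing decision comes first, so a packet
        # sees either INPUT (local delivery) or FORWARD, never both.
        return ["INPUT"] if local else ["FORWARD"]
    raise ValueError("unknown stack: " + stack)

def rule_matches(pkt):
    """Match part of the quoted rule: -i eth0 ! -d 192.168.0.1"""
    return pkt.in_iface == "eth0" and pkt.dst != "192.168.0.1"

def verdict(pkt, stack):
    """Verdict with the rule on the input/INPUT chain only.
    Every other chain is empty with policy ACCEPT (assumption)."""
    for chain in filter_chains(pkt, stack):
        if chain.lower() == "input" and rule_matches(pkt):
            return "DROP"
    return "ACCEPT"

if __name__ == "__main__":
    samples = {  # constructed sample packets
        "forwarded to inside host": Packet("eth0", "10.0.0.5"),
        "to firewall eth0 address": Packet("eth0", "192.168.0.1"),
        "to firewall's other address": Packet("eth0", "10.0.0.1"),
    }
    for name, pkt in samples.items():
        for stack in ("ipchains", "iptables"):
            chains = " -> ".join(filter_chains(pkt, stack))
            print(f"{name:28} {stack:9} {chains:26} {verdict(pkt, stack)}")
```

In this model the rule stops forwarded traffic only under ipchains; under iptables it affects just packets that arrive on eth0 addressed to another of the firewall's own addresses.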