On Thu, May 29, 2003 at 11:19:24PM -0500, Hanasaki JiJi wrote:
> I have a nat postrouting rule that passes traffic from the outside
> world to an internal host to handle port 80 (webserver)
>
> there are also rules to drop certain source addresses yet these
> addresses are still coming through

This is because iptables sees the natted addresses...

> how can they be dropped?

not sure, but I think that it'll work when you specify the outside
interface...
For example: if you want to drop the http requests from w.x.y.z then
your rule should look like:

    iptables -A FORWARD -i <your external interface> -s w.x.y.z -p tcp --dport 80 -j DROP

Again: I am not sure this will work, but it might be worth a shot.

Hope this helps,
Kristof
--
Digital fingerprint: F56F F987 0E0C AFF8 0B6D 7CA1 F152 E07D 72AF 337B
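An added example, not part of the original message: a simplified Python model of the order in which netfilter handles a port-forwarded packet (nat PREROUTING, routing decision, then the filter chain), showing which chain and which addresses a DROP rule gets to see. It assumes the port forward is a DNAT to an internal web server; the interface name eth0 and all addresses are constructed placeholders.

```python
# Simplified netfilter path model; eth0 and all addresses are constructed placeholders.
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP, WEB_HOST = "203.0.113.1", "192.168.1.10"   # assumed firewall / web server
BLOCKED = "198.51.100.7"                               # stands in for w.x.y.z

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    chain: str                      # filter-table chain: "INPUT" or "FORWARD"
    target: str                     # "DROP" or "ACCEPT"
    in_if: Optional[str] = None     # None means "match anything", like an omitted option
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.in_if, p.in_if), (self.src, p.src),
                 (self.dst, p.dst), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

def prerouting_dnat(p: Packet) -> Packet:
    """nat PREROUTING: forward public port 80 to the internal web server."""
    if p.dst == PUBLIC_IP and p.dport == 80:
        return replace(p, dst=WEB_HOST)      # destination rewritten, source untouched
    return p

def verdict(p: Packet, rules: list) -> tuple:
    """Return (chain, target); rules are checked in order, first match wins."""
    p = prerouting_dnat(p)                   # runs before any filter chain
    chain = "INPUT" if p.dst == PUBLIC_IP else "FORWARD"   # routing decision
    for r in rules:
        if r.chain == chain and r.matches(p):
            return chain, r.target
    return chain, "ACCEPT"                   # default policy assumed to be ACCEPT

pkt = Packet("eth0", BLOCKED, PUBLIC_IP, 80)
suggested = Rule("FORWARD", "DROP", in_if="eth0", src=BLOCKED, dport=80)
print(verdict(pkt, [Rule("INPUT", "DROP", src=BLOCKED)]))                  # never reaches INPUT
print(verdict(pkt, [Rule("FORWARD", "DROP", src=BLOCKED, dst=PUBLIC_IP)])) # dst already rewritten
print(verdict(pkt, [suggested]))                                           # source match still works
print(verdict(pkt, [Rule("FORWARD", "ACCEPT", dport=80), suggested]))      # earlier ACCEPT wins
```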