Re: iptables rules

To: List - Debian Security <debian-security@lists.debian.org>
Subject: Re: iptables rules
From: "David Hardne" <dh@cybe.net>
Date: Fri, 30 May 2003 09:05:05 +0200
Message-id: <20030530070505.GA16984@kato.cybe.net>
Mail-followup-to: List - Debian Security <debian-security@lists.debian.org>
In-reply-to: <3ED6DBCC.9000708@hanaden.com>
References: <3ED6DBCC.9000708@hanaden.com>

 Hanasaki JiJi wrote on May 29, 2003 at 11:19:24 PM:
> I have a nat postrouting rule that passes traffice from the outside 
> world to an internal host to handle port 80 (webserver)
> 
> there are also rules to drop certain source addresses yet these 
> addresses are still coming through
> 
> how can they be dropped?
> 
> thanks
> 

I would like to recommend:

http://iptables-tutorial.frozentux.net/chunkyhtml/traversingoftables.html

DNAT is typically done in the -t nat PREROUTING chain, and filtering of
said traffic is done in the filter table, FORWARD chain.

Regards,

-- 
 .- David Hardne <dhcybe.net>
 `-- wget -O- cybe.net/dh|gpg --import

Reply to:

References:
- iptables rule to drop from sources that are -nat postrouting from the outside to inside
  - From: Hanasaki JiJi <hanasaki@hanaden.com>

Prev by Date: Re: iptables rule to drop from sources that are -nat postrouting from the outside to inside
Next by Date: Re: iptables rule to drop from sources that are -nat postrouting from the outside to inside
Previous by thread: Re: iptables rule to drop from sources that are -nat postrouting from the outside to inside
Next by thread: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?
Index(es):
- Date
- Thread