
Re: iptables "whitelist" rule



Raven <raven@vp44.net> writes:
>
> Now I want to be able to run the amuled daemon ON the debian router but
> I am not really sure how to tell iptables to whitelist the traffic that
> is not being forwarded.
> In other words, the ipp2p module should not drop the packets originating
> from/destined for the router itself.

[ . . . ]

> # Block P2P
> iptables -A FORWARD -m ipp2p --ipp2p -j DROP
> iptables -A INPUT -m ipp2p --ipp2p -j DROP
> iptables -A OUTPUT -m ipp2p --ipp2p -j DROP

I haven't used "ipp2p" before, but if you delete the INPUT and OUTPUT
rules and keep the FORWARD rule, I think that would do what you want.
Packets to and from the amuled daemon (whether from the Internet,
wireless nodes, or whatever) will pass through the INPUT and OUTPUT
tables and be permitted, but P2P packets between wireless nodes and
the big, bad Internet will pass through the FORWARD table and be
dropped by the remaining rule.

-- 
Kevin Buhr <buhr+debian@asaurus.net>
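
Added example, not part of the original message: a simplified Python model of how netfilter picks a filter-table chain for each packet, comparing the three-rule set quoted above with the FORWARD-only set the reply suggests. The addresses, the `is_p2p` flag standing in for an ipp2p match, and all function names are assumptions made up for the illustration.

```python
import ipaddress

# Constructed router addresses (LAN side, Internet side); not from the thread.
ROUTER_ADDRS = {ipaddress.ip_address(a) for a in ("192.168.1.1", "203.0.113.10")}

def chain_for(src, dst):
    """Filter-table chain a packet traverses (one chain per packet).

    Simplified: addresses are taken as seen at the routing decision
    (after any DNAT), and router-to-itself loopback traffic is ignored.
    """
    if ipaddress.ip_address(dst) in ROUTER_ADDRS:
        return "INPUT"    # delivered to a local process, e.g. amuled
    if ipaddress.ip_address(src) in ROUTER_ADDRS:
        return "OUTPUT"   # generated by a local process
    return "FORWARD"      # routed through the box for another host

def verdict(drop_chains, src, dst, is_p2p):
    """Model '-A <chain> -m ipp2p --ipp2p -j DROP' for each chain in drop_chains.

    Assumes no other rule or chain policy drops the packet.
    """
    if is_p2p and chain_for(src, dst) in drop_chains:
        return "DROP"
    return "ACCEPT"

ORIGINAL = {"FORWARD", "INPUT", "OUTPUT"}   # the three rules quoted above
REVISED = {"FORWARD"}                       # INPUT and OUTPUT rules deleted

# Constructed sample packets: (label, src, dst, is_p2p)
PACKETS = [
    ("peer -> amuled on router", "198.51.100.7", "203.0.113.10", True),
    ("amuled on router -> peer", "203.0.113.10", "198.51.100.7", True),
    ("wireless node -> peer",    "192.168.1.50", "198.51.100.7", True),
    ("peer -> wireless node",    "198.51.100.7", "192.168.1.50", True),
    ("wireless node -> web",     "192.168.1.50", "198.51.100.80", False),
]

def compare():
    """Return (label, chain, verdict under ORIGINAL, verdict under REVISED)."""
    return [(label, chain_for(s, d),
             verdict(ORIGINAL, s, d, p2p), verdict(REVISED, s, d, p2p))
            for label, s, d, p2p in PACKETS]

if __name__ == "__main__":
    for row in compare():
        print("%-26s %-8s original=%-6s revised=%s" % row)
```

On a live router, the per-rule packet counters shown by `iptables -L -v -n` give the same picture: after the change only the FORWARD rule's counter should increase.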

