iptables question

Corey Edwards tensai at zmonkey.org
Mon Nov 3 16:22:19 MST 2008


On Mon, 2008-11-03 at 13:43 -0600, Nicholas Leippe wrote:
> On Monday 03 November 2008 11:35:13 am Mike Lovell wrote:
> > iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT
> > <repeated a few times of ip addresses to white list>
> > iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP
> 
> Try:
> 
> iptables -A FORWARD -s 192.168.1.2 -j DROP
> 
> (w/o the -d 0.0.0.0/0)

I believe Nick is right. I would just add that on the LAN side of
things, I would REJECT rather than DROP. That'll save your host the
hassle of waiting for a timeout.

Corey
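The rule order discussed in this thread (ACCEPT for each whitelisted destination, then a catch-all with no `-d`, using REJECT instead of DROP) can be generated as in the following added example, which is not part of the original post. The function names are hypothetical, the addresses are the ones quoted above, and the `--reject-with` types are an assumption, since the thread only says REJECT.

```shell
#!/bin/sh
# Emit an iptables-restore fragment for one LAN host: ACCEPT each
# whitelisted destination, then REJECT everything else it forwards.

is_ipv4() {
    # Dotted quad only, every octet a number in 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

whitelist_rules() {
    src=$1
    shift
    # Validate everything first so a bad address never yields a partial rule set.
    is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    for dst in "$@"; do
        is_ipv4 "$dst" || { echo "bad destination: $dst" >&2; return 1; }
    done

    printf '%s\n' '*filter'
    # Whitelist entries come first: the first matching rule decides.
    for dst in "$@"; do
        printf '%s\n' "-A FORWARD -s $src -d $dst -j ACCEPT"
    done
    # Catch-all without -d. REJECT answers immediately (TCP reset, or an
    # ICMP error for other protocols), so the LAN client does not sit
    # waiting for a timeout as it would with DROP.
    printf '%s\n' "-A FORWARD -s $src -p tcp -j REJECT --reject-with tcp-reset"
    printf '%s\n' "-A FORWARD -s $src -j REJECT --reject-with icmp-admin-prohibited"
    printf '%s\n' 'COMMIT'
}

# Addresses from the thread.
whitelist_rules 192.168.1.2 212.211.132.32
```

The output can be checked with `iptables-restore --test` before loading. Loading it without `--noflush` replaces the existing filter table rather than appending to it.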
