iptables question

Mike Lovell mike at dev-zero.net
Mon Nov 3 20:39:11 MST 2008


Nicholas Leippe wrote:
> On Monday 03 November 2008 11:35:13 am Mike Lovell wrote:
>   
>> iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT
>> <repeated a few times of ip addresses to white list>
>> iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP
>>     
>
> Try:
>
> iptables -A FORWARD -s 192.168.1.2 -j DROP
>
> (w/o the -d 0.0.0.0/0)
>
> Or, for an even better setup, just change the default policy on the FORWARD 
> chain itself:
>
> iptables -P FORWARD DROP
>
> (you'll need to explicitly set up all your allowed connections first)
>   
I tried doing the rule without the destination and traffic is still 
flowing. Also, the default policy for the FORWARD chain is already DROP. 
That is how OpenWRT does its default routing. It also does a lot of 
other things that I don't quite understand. I'll try to dig in a little 
more into that. But further suggestions are welcomed.

As for the suggestion to reinstall the OS, I'm not entirely sure how to 
go about that. The machine is a Linksys NSLU2 that I hacked and loaded 
Debian on. Things were touchy getting it installed so I'd rather try 
other solutions first. Thanks though.

Mike
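One thing the thread has not yet examined is rule order. iptables evaluates a chain top to bottom and the first matching rule decides, so a DROP appended with `-A` after an existing broad ACCEPT (OpenWRT installs several) is never reached, and the chain's DROP policy only applies to packets no rule matched at all. The Python script below is an added illustration written for this archive page, not anything from the thread or from OpenWRT; it replays a list of iptables commands into an in-memory FORWARD chain and performs the same first-match walk. The pre-existing "LAN may go out" rule in `BASE` is a constructed stand-in, and only `-s`, `-d` and `-j` are modelled (any other option raises rather than being silently ignored).

```python
"""Model first-match evaluation of an iptables FORWARD chain.

Added example: shows why a per-host DROP appended with -A behind a broad
ACCEPT never fires, while the same rule inserted with -I does.
Only -P, -A and -I on FORWARD, and the -s/-d/-j options, are modelled.
"""
from __future__ import annotations

import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    src: Optional[ipaddress.IPv4Network]  # None means "any source"
    dst: Optional[ipaddress.IPv4Network]  # None means "any destination"
    target: str                           # e.g. ACCEPT or DROP
    text: str                             # the command that created the rule


@dataclass
class Chain:
    policy: str = "ACCEPT"                # verdict when no rule matches
    rules: list[Rule] = field(default_factory=list)


def parse_rule(tokens: list[str], text: str) -> Rule:
    """Parse the match/target part of a rule (-s, -d, -j only)."""
    src = dst = target = None
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"option {opt!r} has no argument in {text!r}")
        val = tokens[i + 1]
        if opt == "-s":
            src = ipaddress.ip_network(val, strict=False)  # 192.168.1.2 -> /32
        elif opt == "-d":
            dst = ipaddress.ip_network(val, strict=False)  # 0.0.0.0/0 -> any
        elif opt == "-j":
            target = val
        else:
            raise ValueError(f"unsupported option {opt!r} in {text!r}")
        i += 2
    if target is None:
        raise ValueError(f"rule has no -j target: {text!r}")
    return Rule(src, dst, target, text)


def build_chain(commands: list[str]) -> Chain:
    """Replay commands into an empty FORWARD chain. -A appends at the end;
    -I inserts at a 1-based position (default 1, the head of the chain)."""
    chain = Chain()
    for cmd in commands:
        tok = shlex.split(cmd)
        if len(tok) < 4 or tok[0] != "iptables" or tok[2] != "FORWARD":
            raise ValueError(f"only 'iptables <op> FORWARD ...' is modelled: {cmd!r}")
        op, rest = tok[1], tok[3:]
        if op == "-P":
            chain.policy = rest[0]
        elif op == "-A":
            chain.rules.append(parse_rule(rest, cmd))
        elif op == "-I":
            pos = 1
            if rest and rest[0].isdigit():
                pos, rest = int(rest[0]), rest[1:]
            chain.rules.insert(pos - 1, parse_rule(rest, cmd))
        else:
            raise ValueError(f"unsupported operation {op!r} in {cmd!r}")
    return chain


def verdict(chain: Chain, src: str, dst: str) -> tuple[str, Optional[int]]:
    """First-match walk: (target, rule number) of the first rule whose -s and
    -d both match, or (chain policy, None) when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(chain.rules, start=1):
        if (rule.src is None or s in rule.src) and (rule.dst is None or d in rule.dst):
            return rule.target, number
    return chain.policy, None


# Constructed stand-in for a router's pre-existing "let the LAN out" rule
# (hypothetical; a real OpenWRT ruleset is more elaborate but has the same effect).
BASE = [
    "iptables -P FORWARD DROP",
    "iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT",
]

# The thread's approach: per-host rules appended after whatever is already there.
APPENDED = BASE + [
    "iptables -A FORWARD -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT",
    "iptables -A FORWARD -s 192.168.1.2 -j DROP",
]

# Same rules inserted at the head; the second -I 1 lands in front of the first.
INSERTED = BASE + [
    "iptables -I FORWARD 1 -s 192.168.1.2 -j DROP",
    "iptables -I FORWARD 1 -s 192.168.1.2 -d 212.211.132.32 -j ACCEPT",
]

if __name__ == "__main__":
    for name, cmds in (("appended", APPENDED), ("inserted", INSERTED)):
        chain = build_chain(cmds)
        for dst in ("212.211.132.32", "198.51.100.7"):
            print(f"{name:8} 192.168.1.2 -> {dst}: {verdict(chain, '192.168.1.2', dst)}")
```

With the appended ordering every packet from 192.168.1.2 hits the broad ACCEPT at rule 1 and the per-host DROP is dead; with the inserted ordering the whitelisted destination is accepted at rule 1 and everything else from that host is dropped at rule 2, while other LAN hosts still reach the original ACCEPT. On the real box the equivalent check is `iptables -L FORWARD -v -n --line-numbers`, whose per-rule packet counters show which rule the traffic is actually matching.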
