mike at dev-zero.net
Mon Nov 3 20:39:11 MST 2008
Nicholas Leippe wrote:
> On Monday 03 November 2008 11:35:13 am Mike Lovell wrote:
>> iptables -A FORWARD -s 192.168.1.2 -d 126.96.36.199 -j ACCEPT
>> <repeated a few times of ip addresses to white list>
>> iptables -A FORWARD -s 192.168.1.2 -d 0.0.0.0/0 -j DROP
> iptables -A FORWARD -s 192.168.1.2 -j DROP
> (w/o the -d 0.0.0.0/0)
> Or, for an even better setup, just change the default policy on the FORWARD
> chain itself:
> iptables -P FORWARD DROP
> (you'll need to explicitly set up all your allowed connections first)

I tried doing the rule without the destination and traffic is still
flowing. Also, the default policy for the FORWARD chain is already DROP.
That is how OpenWRT does its default routing. It also does a lot of
other things that I don't quite understand. I'll try to dig in a little
more into that. But further suggestions are welcomed.

As for the suggestion to reinstall the OS, I'm not entirely sure how to
go about that. The machine is a Linksys NSLU2 that I hacked and loaded
Debian on. Things were touchy getting it installed so I'd rather try
other solutions first. Thanks though.