I have had this in place for ages, hopefully blocking egress of local networks outside the nat. It appears to work...

    iptables -t mangle -I POSTROUTING -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j DROP

but what I'd wanted was to actually send a reason for it, but putting the reason in icmp...

    iptables -t mangle -I POSTROUTING -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -o ge00 -j REJECT --reject-with icmp-host-unreachable

but that doesn't, saying that I can't put it in the mangle table, and there isn't a postrouting table in the filter table...

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
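
Added example, not part of the original message: iptables accepts the REJECT target only in the filter table's INPUT, FORWARD and OUTPUT chains (and user-defined chains called from them), so one way to get the ICMP reply is to match the same prefixes and interface there. The function names and the APPLY switch are assumptions of this example; it prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post).
# REJECT cannot live in the mangle table, so the egress block is expressed in
# the filter table instead:
#   FORWARD covers packets routed from the LAN out of the WAN interface,
#   OUTPUT  covers packets generated by the router itself.

WAN_IF="ge00"                                            # WAN interface, from the post
PRIVATE_NETS="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"   # prefixes, from the post

# Print one iptables command per chain/prefix pair (6 in total).
reject_rules() {
    for chain in FORWARD OUTPUT; do
        for net in $PRIVATE_NETS; do
            echo "iptables -t filter -I $chain -d $net -o $WAN_IF -j REJECT --reject-with icmp-host-unreachable"
        done
    done
}

# Dry run by default. With APPLY=1 (assumed switch, needs root) each
# command is executed instead of printed.
apply_rules() {
    reject_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

apply_rules
```

Local hosts sending to a leaked private address then receive an ICMP host-unreachable instead of waiting for a timeout, which is the behaviour the DROP rule could not provide.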
