Luis, you'd use the FORWARD chain in the filter table.
POSTROUTING and PREROUTING are in the nat table.

# The first rule allows traffic to port tcp/80
/sbin/iptables -A FORWARD -s 12.16.2.5 -p tcp --dport 80 -j ACCEPT
# The second rule allows the traffic inbound to 12.16.2.5 sourced from port tcp/80.
/sbin/iptables -A FORWARD -d 12.16.2.5 -p tcp --sport 80 -j ACCEPT
# The third rule drops all traffic on all ports and protocols.
/sbin/iptables -A FORWARD -s 12.16.2.5 -j DROP

Best Regards,
Diego Lilioso

2008/10/16 James Shupe <[EMAIL PROTECTED]>
> Correction:
>
> [QUOTE]
> You'd be better off with a DROP policy where you could just use:
>
> /sbin/iptables .... -d $EXTERNAL_HOST -p 80 -j ACCEPT
>
> With your ACCEPT policy, just use inverse:
>
> /sbin/iptables .... -d ! $EXTERNAL_HOST -p 80 -j DROP
> [/QUOTE]
>
> "-p 80" needs to be "-p tcp --dport 80". Not sure how I overlooked it.
>
> -
> James Maurice Shupe | HermeTek Network Solutions
> [EMAIL PROTECTED] | *NIX Consulting and Hosting
> GPG signed mail preferred | http://www.hermetek.com
> Plain text mail preferred | 1.866.325.6207
>
> Key fingerprint: D484 EACC 9D0F A2A5 5277 C4A8 5704 1987 A938 DF3A
>
> On Thu, 2008-10-16 at 15:27 -0400, Luis Rondon Paz wrote:
> > Hello everyone, I have a question.
> > I have this in my iptables:
> >
> > EXT_IF=eth1
> >
> > #############
> > /sbin/iptables -t nat -A POSTROUTING -s 12.16.2.5 -o $EXT_IF -j MASQUERADE
> >
> > Now, how can I DROP ALL TRAFFIC FROM IP 12.16.2.5, except port 80 to one external IP?
> >
> > Example:
> >
> > I need to drop all traffic,
> > and I need to allow the traffic to one address only.
> >
> > How can I do that?
> >
> > /sbin/iptables -t nat -A POSTROUTING -s 12.16.2.5 -d EXTERNALONEHOSTONLY -o $EXT_IF -j ACCEPT
> >
> > /sbin/iptables -t nat -A POSTROUTING -s 12.16.2.5 -d 0.0.0.0/0 -o $EXT_IF -j DROP ???
> >
> > OR SHOULD I USE FORWARD ??
> >
> > Thanks for reading me.
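Luis's question worked through as a dry-run script (an added example, not code posted by Luis, Diego or James): it keeps the existing MASQUERADE rule in nat, pins the tcp/80 ACCEPT in the filter FORWARD chain to one external host as James suggests rather than leaving it destination-less as in Diego's first rule, uses a conntrack match for the return traffic instead of the stateless --sport 80 rule, and ends with the DROP. Assumptions: 203.0.113.10 stands in for EXTERNALONEHOSTONLY, the function names are mine, and accepts_pinned is a self-check that no FORWARD ACCEPT for the host is missing -d.

```shell
#!/bin/sh
# Added example for the thread above, not code from Luis, Diego or James.
# Filter-table rules that let 12.16.2.5 reach tcp/80 on ONE external host
# and nothing else, next to the MASQUERADE rule Luis already has.
# DRY_RUN=1 (the default here) prints the commands instead of running them.
IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}
INT_HOST=${INT_HOST:-12.16.2.5}      # LAN host being restricted (from the thread)
EXT_HOST=${EXT_HOST:-203.0.113.10}   # placeholder for EXTERNALONEHOSTONLY (TEST-NET-3)
EXT_IF=${EXT_IF:-eth1}

# Emit one iptables argument list per line: NAT, pinned ACCEPT, return
# traffic via conntrack (instead of the stateless --sport 80 rule), then DROP.
build_rules() {
int_host=$1; ext_host=$2; ext_if=$3
cat <<EOF
-t nat -A POSTROUTING -s $int_host -o $ext_if -j MASQUERADE
-A FORWARD -s $int_host -d $ext_host -o $ext_if -p tcp --dport 80 -j ACCEPT
-A FORWARD -d $int_host -i $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $int_host -j DROP
EOF
}

# Run (or, in dry-run mode, print) each rule with the iptables binary.
apply_rules() {
    build_rules "$@" | while IFS= read -r rule; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "$IPTABLES $rule"
        else
            # shellcheck disable=SC2086  # splitting $rule into arguments is intended
            $IPTABLES $rule
        fi
    done
}

# Self-check: succeed only if every FORWARD ACCEPT for int_host carries
# "-d ext_host"; an ACCEPT without -d (as in the first reply) would open
# tcp/80 toward every destination.
accepts_pinned() {
    int_host=$1; ext_host=$2; ext_if=$3
    n=$(build_rules "$int_host" "$ext_host" "$ext_if" \
        | grep -- '-A FORWARD' | grep -- '-j ACCEPT' | grep -- "-s $int_host " \
        | grep -vc -- "-d $ext_host " || true)
    [ "$n" -eq 0 ]
}

apply_rules "$INT_HOST" "$EXT_HOST" "$EXT_IF"
```

Run it as root with DRY_RUN=0 to apply the rules; the ordering matters because iptables evaluates FORWARD top to bottom and the final DROP catches everything the two ACCEPTs did not.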

