On Thu, May 29, 2003 at 11:19:24PM -0500, Hanasaki JiJi wrote:
> I have a nat postrouting rule that passes traffic from the outside
> world to an internal host to handle port 80 (webserver)
>
> there are also rules to drop certain source addresses yet these
> addresses are still coming through
This is because iptables sees the natted addresses...
> how can they be dropped?
Not sure, but I think that it'll work when you specify the outside
interface... For example: if you want to drop the http requests from
w.x.y.z then your rule should look like:
iptables -A FORWARD -i <your external interface> -s w.x.y.z -p tcp --dport 80 -j DROP
Again: I am not sure this will work, but it might be worth a shot.
Hope this helps,
Kristof
--
Digital fingerprint: F56F F987 0E0C AFF8 0B6D 7CA1 F152 E07D 72AF 337B
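
As an added illustration (not part of the original message, and not netfilter's own code), the Python model below follows one forwarded packet through a PREROUTING DNAT and then the FORWARD chain, to show how rule order and the rewritten destination affect a source-based DROP like the one suggested above. It assumes the port forward is a DNAT applied in PREROUTING; the interface name, addresses and rule dictionaries are constructed sample values.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed sample values (documentation address ranges), not from the original post.
EXT_IF, WEB_HOST = "eth0", "192.168.1.10"
PUBLIC_IP, BLOCKED = "203.0.113.1", "198.51.100.7"

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int

def prerouting_dnat(pkt):
    """nat/PREROUTING: rewrite only the destination of inbound port-80 traffic."""
    if pkt.in_if == EXT_IF and pkt.dst == PUBLIC_IP and pkt.dport == 80:
        return replace(pkt, dst=WEB_HOST)
    return pkt

def matches(rule, pkt):
    """A rule field that is absent matches anything, as in iptables."""
    return all([
        rule.get("in_if") in (None, pkt.in_if),
        "src" not in rule or ip_address(pkt.src) in ip_network(rule["src"]),
        "dst" not in rule or ip_address(pkt.dst) in ip_network(rule["dst"]),
        rule.get("dport") in (None, pkt.dport),
    ])

def forward_verdict(rules, pkt, policy="DROP"):
    """filter/FORWARD: the first matching rule decides, later rules are never reached."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def traverse(rules, pkt):
    """Hook order for a forwarded packet: PREROUTING (DNAT) first, then FORWARD."""
    return forward_verdict(rules, prerouting_dnat(pkt))

ACCEPT_WEB = {"dst": WEB_HOST, "dport": 80, "target": "ACCEPT"}
DROP_SRC = {"in_if": EXT_IF, "src": BLOCKED, "dport": 80, "target": "DROP"}
DROP_SRC_PUBLIC_DST = {"src": BLOCKED, "dst": PUBLIC_IP, "target": "DROP"}

if __name__ == "__main__":
    pkt = Packet(EXT_IF, BLOCKED, PUBLIC_IP, 80)
    for name, rules in [("drop after accept", [ACCEPT_WEB, DROP_SRC]),
                        ("drop on public dst", [DROP_SRC_PUBLIC_DST, ACCEPT_WEB]),
                        ("drop before accept", [DROP_SRC, ACCEPT_WEB])]:
        print(f"{name}: {traverse(rules, pkt)}")
```

In this model the source-based DROP only takes effect when it sits ahead of the rule that accepts the forwarded web traffic, and a rule matching the public destination address never fires in FORWARD because the destination has already been rewritten.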

